Running script on sshd auth failure

Wagner wagnerspi at gmail.com
Thu Jul 15 19:03:56 UTC 2021


Hi,

I'm running some GCE instances with OS Login enabled and would like to run
scripts when a user fails to authenticate.

In /etc/pam.d/system-auth I have this:

auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass nullok
auth        required      pam_deny.so

account     required      pam_unix.so

password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so



I've tried adding the exec after the pam_deny, but it didn't work. Is this
the right place for it to be added?

Does anyone have any clues?

Thanks