[CentOS] CentOS6 and pam_access

lhecking at users.sourceforge.net lhecking at users.sourceforge.net
Fri Oct 19 10:12:21 EDT 2012


 
>  Under CentOS5, I used this configuration to restrict access to root only:
> 
> # cat /etc/security/access.conf
> + : root : ALL
> - : ALL : ALL
> # cat /etc/pam.d/system-auth-ac
> ...
> account     required      pam_access.so
> account     required      pam_unix.so
> account     sufficient    pam_localuser.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     required      pam_permit.so
> ...
> # 
 
 Figured it out by reverse-engineering the changes made by system-config-authentication.

 In addition to system-auth-ac, as a minimum, password-auth-ac needs the
 same update. To make it complete, fingerprint-auth-ac and smartcard-auth-ac
 need the additional line, too (not that they matter on the server hw here).

 The state of PAM access is also recorded in /etc/sysconfig/authconfig
 (USEPAMACCESS=yes/no), but this seems to serve as a reminder for
 system-config-authentication more than actual system services configuration.



More information about the CentOS mailing list