[CentOS] CentOS6 and pam_access
lhecking at users.sourceforge.net
lhecking at users.sourceforge.netFri Oct 19 14:12:21 UTC 2012
- Previous message: [CentOS] CentOS6 and pam_access
- Next message: [CentOS] CentOS-announce Digest, Vol 92, Issue 7
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Under CentOS5, I used this configuration to restrict access to root only: > > # cat /etc/security/access.conf > + : root : ALL > - : ALL : ALL > # cat /etc/pam.d/system-auth-ac > ... > account required pam_access.so > account required pam_unix.so > account sufficient pam_localuser.so > account sufficient pam_succeed_if.so uid < 500 quiet > account required pam_permit.so > ... > # Figured it out by reverse-engineering the changes made by system-config-authentication. In addition to system-auth-ac, as a minimum, password-auth-ac needs the same update. To make it complete, fingerprint-auth-ac and smartcard-auth-ac need the additional line, too (not that they matter on the server hw here). The state of PAM access is also recorded in /etc/sysconfig/authconfig (USEPAMACCESS=yes/no), but this seems to serve as a reminder for system-config-authentication more than actual system services configuration.
- Previous message: [CentOS] CentOS6 and pam_access
- Next message: [CentOS] CentOS-announce Digest, Vol 92, Issue 7
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list