[CentOS] pam_access not working?

Will McDonald wmcdonald at gmail.com
Wed Nov 29 14:05:11 UTC 2006

On 29/11/06, Morten Kjeldgaard <mok at bioxray.dk> wrote:
> Hi,
> I am having a strange problem, where I cannot get pam_access to work as
> intended. I have placed the following line in /etc/pam.d/system-auth
> account     required      /lib/security/pam_access.so
> Then, in /etc/security/access.conf, I have put the following line:
> -:mok:
> I.e. I should prevent myself from logging on from host
> However, when I try to log on (using ssh) from the specified host, I get
> in without a problem. There is nothing in the logs. It does not help
> restarting sshd, or rebooting. It does not help putting "ALL" instead of
> the IP number. I happily get in...

Is UsePAM set in your sshd_config ?

     UsePAM  Enables the Pluggable Authentication Module interface.  If set
             to "yes" this will enable PAM authentication using
             ChallengeResponseAuthentication and PAM account and session mod-
             ule processing for all authentication types.

             Because PAM challenge-response authentication usually serves an
             equivalent role to password authentication, you should disable
             either PasswordAuthentication or

             If UsePAM is enabled, you will not be able to run sshd(8) as a
             non-root user.  The default is "no".


More information about the CentOS mailing list