[CentOS] pam_access not working?
mok at bioxray.dk
Thu Nov 30 12:45:08 UTC 2006
Big thanks to Barry Brimer and Will McDonald for your suggestions!
I had big hopes for the "UsePAM yes" in sshd_config since I was not
aware of that option, and it seemed like THE solution. However, tried
it, restarted the sshd daemon but still the same, I can still log on.
Next I would like to consider Barry's suspicion that something is wrong
with the order of statements in /etc/pam.d/system-auth. Here is my
current file, I simply put the pam_access line just before he other
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/pam_access.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok
md5 shadow nis
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
... and, to be sure, system-auth is referenced within /etc/pam.d/sshd:
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
I hope you can spot something wrong in here :-) -- it all seems ok to me.
Morten Kjeldgaard, Asc. professor, Ph.D.
Department of Molecular Biology, Aarhus University
Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark
Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178
Home +45 86188180 * http://www.bioxray.dk/~mok
More information about the CentOS