[CentOS] pam_access not working?

Morten Kjeldgaard mok at bioxray.dk
Thu Nov 30 12:45:08 UTC 2006

Hi again,

Big thanks to Barry Brimer and Will McDonald for your suggestions!

I had big hopes for the "UsePAM  yes" in sshd_config since I was not 
aware of that option, and it seemed like THE solution. However, tried 
it, restarted the sshd daemon but still the same, I can still log on. 
Totally strange.

Next I would like to consider Barry's suspicion that something is wrong 
with the order of statements in /etc/pam.d/system-auth. Here is my 
current file, I simply put the pam_access line just before he other 
"account" line:

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/pam_access.so
account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok 
md5 shadow nis
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

... and, to be sure, system-auth is referenced within /etc/pam.d/sshd:

auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so

I hope you can spot something wrong in here :-) -- it all seems ok to me.


Morten Kjeldgaard, Asc. professor, Ph.D.
Department of Molecular Biology, Aarhus University
Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark
Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178
Home +45 86188180 * http://www.bioxray.dk/~mok

More information about the CentOS mailing list