[CentOS] pam_access not working?
Morten Kjeldgaard
mok at bioxray.dk
Thu Nov 30 15:35:19 UTC 2006
Barry wrote:
> Is there a reverse DNS entry for the machine you are denying yourself
> from? Try using the ip address instead of the hostname so we can
> eliminate that from the equation.
OK, good point! I changed the entry in /etc/security/access.conf to
-:mok:beast
(instead of -:mok:10.14.44.104)
> I've just had a play on a test system and I seem to have it working.
... and set up the sshd with UsePAM yes as suggested by Will, and now
the setup WORKS!
We _do_ have reverse IP lookup, but perhaps the reverse lookup and the
authentication do not agree on whether to use a FQDN or the short form.
Anyhow, using the short form works in our setup. So, now that it works,
I could test to see what breaks it again, and it is definitely important
to have the "UsePAM yes" line in sshd_config.
> [user at client ~]$ ssh -ltestuser 192.168.24.112
> Password:
> Password:
> Password:
> Permission denied (publickey,keyboard-interactive).
I get the same (unfriendly) message. It would be nice to be able to
print a message to the user, explaining why access is denied. Otherwise
we will have users standing in lines demanding an explanation. I guess
it is possible with some sneaky pam engineering, I will look into that next.
Thanks for the help!
Cheers,
Morten
--
Morten Kjeldgaard, Asc. professor, Ph.D.
Department of Molecular Biology, Aarhus University
Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark
Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178
Home +45 86188180 * http://www.bioxray.dk/~mok
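
Added example, not part of the original message: a simplified Python model of the origin forms listed in access.conf(5), showing how the entry `-:mok:beast` behaves depending on which remote-host string the service hands to pam_access. The function names and the FQDN `beast.example.org` are constructed for illustration; netgroups, EXCEPT, group syntax and name resolution are left out.

```python
# Simplified model of access.conf origin matching (assumption: literal string
# comparison only; no netgroups, EXCEPT, group syntax or name resolution).

def origin_matches(token: str, rhost: str) -> bool:
    """Compare one origins token with the remote-host string the service reports."""
    t, h = token.lower(), rhost.lower()
    if t == "all" or t == h:            # ALL, or exact host name / address
        return True
    if t.startswith("."):               # domain name: match trailing labels
        return len(h) > len(t) and h.endswith(t)
    if t == "local":                    # LOCAL: any string without a dot
        return "." not in h
    if t.endswith("."):                 # network number: match leading octets
        return h.startswith(t)
    return False


def user_matches(token: str, user: str) -> bool:
    return token == "ALL" or token == user


def check_access(rules: str, user: str, rhost: str) -> bool:
    """Return True if access is granted; the first matching entry decides."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (any(user_matches(u, user) for u in users.split())
                and any(origin_matches(o, rhost) for o in origins.split())):
            return perm == "+"
    return True  # no entry matched: access is not restricted


# Constructed sample: the entry from the message above.
RULES = "-:mok:beast\n"

if __name__ == "__main__":
    # "beast.example.org" is a constructed FQDN, not the real host name.
    for rhost in ("beast", "beast.example.org", "10.14.44.104"):
        verdict = "granted" if check_access(RULES, "mok", rhost) else "denied"
        print(f"{rhost:20} {verdict}")
```

In this model a deny entry written with the short name is skipped whenever the remote host arrives as an FQDN or an address, so it helps to check which form the service logs before writing the entry.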