[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Linux-cluster] Pam authentification



On Wed, Feb 15, 2006 at 03:37:30PM +0100, Anthony Assi wrote:
> Hi,
> 
> i need to restrict access to some nodes of the cluster to all users 
> except Root and me,
> 
> i tried the following Pam_access method
> 
> **in /etc/security/access.conf :
> +:root myusername:ALL
> -:ALL:ALL
> 
> 
> in /etc/pam.d/sshd or /etc/pam.d/login:
> account  required  pam_access.so
> 
> and then did a:  /etc/init.d/sshd reload

I use access.conf, but not in as strict a way as above (typically, I want
to allow most users, but only allow root from one or two hosts).  However,
I've never had issues with it working.  You'll also probably want to add
LOCAL to the host field of the allow rule so that cron will be able to su.

Alternatively, until you can get access.conf working, you could use
AllowUsers and AllowGroups in sshd_config:

AllowUsers	root myusername
AllowGroups 	root mygroup

-- 
Gabe Turner                                             gabe msi umn edu
UNIX Systems Administrator,
University of Minnesota Supercomputing Institute
 for Digital Simulation and Advanced Computation         www.msi.umn.edu


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]