[Linux-cluster] Pam authentification
Gabe Turner
gabe at msi.umn.edu
Wed Feb 15 14:53:29 UTC 2006
On Wed, Feb 15, 2006 at 03:37:30PM +0100, Anthony Assi wrote:
> Hi,
>
> i need to restrict access to some nodes of the cluster to all users
> except Root and me,
>
> i tried the following Pam_access method
>
> **in /etc/security/access.conf :
> +:root myusername:ALL
> -:ALL:ALL
>
>
> in /etc/pam.d/sshd or /etc/pam.d/login:
> account required pam_access.so
>
> and then did a: /etc/init.d/sshd reload
I use access.conf, but not in as strict a way as above (typically, I want
to allow most users, but only allow root from one or two hosts). However,
I've never had issues with it working. You'll also probably want to add
LOCAL to the host field of the allow rule so that cron will be able to su.
Alternatively, until you can get access.conf working, you could use
AllowUsers and AllowGroups in sshd_config:
AllowUsers root myusername
AllowGroups root mygroup
--
Gabe Turner gabe at msi.umn.edu
UNIX Systems Administrator,
University of Minnesota Supercomputing Institute
for Digital Simulation and Advanced Computation www.msi.umn.edu
More information about the Linux-cluster
mailing list