Bypassing PAM modules for particular groups in Linux (mdnteo)

Vasudeva R rachamad at gmail.com
Tue Apr 15 15:27:32 UTC 2008 

Thank you. I have tested by using the following line in system-auth file

account     sufficient    /lib/security/$ISA/pam_succeed_if.so user ingroup
testadm debug

After adding the above mentioned line, i am able to bypass only pam_tally.so
module (account lock out parameter) for  the  users who are in testadm.

Now i wanted to configure following settings as well.

1. adding multiple groups in above line (pam_succeed_if.so)
2. bypassing other pam modules like pam_cracklib.so  and so on.

Thanks
Vasu





> To: "Pluggable Authentication Modules" <pam-list at redhat.com>
> Date: Mon, 14 Apr 2008 22:31:49 +0200
> Subject: Re: Bypassing PAM modules for particular groups in Linux
> It should work with pam_succeed_if, you can check the manual for full
> details.
>
> I.E.
> account required pam_succeed_if.so uid>=200 shell=bash
>
> *field < number* Field has a value numerically less than number. *field <=
> number* Field has a value numerically less than or equal to number. *field
> eq number* Field has a value numerically less equal to number. *field >=
> number* Field has a value numerically greater than or equal to number. *field
> > number* Field has a value numerically greater than number. *field ne
> number* Field has a value numerically different from number. *field =
> string* Field exactly matches the given string. *field != string* Field
> does not match the given string. *field =~ glob* Field matches the given
> glob. *field !~ glob* Field does not match the given glob. *field in
> item:item:...* Field is contained in the list of items separated by
> colons. *field notin item:item:...* Field is not contained in the list of
> items separated by colons. *user ingroup group* User is in given group. *user
> notingroup group* User is not in given group. *user innetgr netgroup* (user,host)
> is in given netgroup. *user notinnetgr group* (user,host) is not in given
> netgroup.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20080415/833b320a/attachment.htm>

More information about the Pam-list mailing list