Using PAM for additional SSH/Console authentication
Stuart Sears
stuart at sjsears.com
Wed Apr 28 20:41:09 UTC 2004
Yagi Angrypants wrote:
>A while ago I had configured an RH box so that ssh
>users had to have their account names entered into a
>text file (in addition to the "usual" requirements) in
>order to be able to ssh into a machine.
>
>I can't remember how to do this now. I'd like to
>configure a box I have now so that ssh and console
>users need to have their accounts specificially
>entered into additional text files to permit such
>access. Can someone point me to a good link that
>discusses modifying the PAM configuration to
>accomplish this?
>
>Thanks
>
>
I believe pam_listfile will do this for you:
/usr/share/doc/Linux-Pam-*/
possibly in /etc/pam.d/login:
(not in system-auth, unless you are never going to run authconfig again)
auth required pam_listfile.so sense=allow item=user onerr=deny
file=/etc/allowedusers
>
>
>
>__________________________________
>Do you Yahoo!?
>Win a $20,000 Career Makeover at Yahoo! HotJobs
>http://hotjobs.sweepstakes.yahoo.com/careermakeover
>
>
>
>
More information about the redhat-list
mailing list