Mailinglist Archive: opensuse-security (670 mails)

PAM trouble :-(
  • From: "Thorsten Marquardt" <thom@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 9 Nov 2001 11:45:27 +0000 (MEST)
  • Message-id: <200111091145.LAA15355@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>


Hi List,

First of all, thanks for all your tips and hints about "sftp without ...".

Now I try to limit users by configuring PAM but get frustrated:

My /etc/pam.d/sshd :


#%PAM-1.0
auth required /lib/security/pam_unix.so # set_secrpc
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_warn.so
account required /lib/security/pam_access.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_pwcheck.so
password required /lib/security/pam_unix.so use_first_pass use_authtok
session required /lib/security/pam_unix.so none # trace or debug
session required /lib/security/pam_limits.so


and /etc/pam.d/login:

#%PAM-1.0
auth requisite /lib/security/pam_unix.so nullok #set_secrpc
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
#auth required /lib/security/pam_homecheck.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_mail.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_pwcheck.so nullok
password required /lib/security/pam_unix.so nullok use_first_pass use_authtok
session required /lib/security/pam_unix.so none # debug or trace
session required /lib/security/pam_limits.so

For testing I put the line:

thom soft maxlogins 1

in /etc/security/limits.conf.


Logging into the computer from a local point (tty, su - thom) works fine. The attempt to
have a second shell leads to the expected result, but I can have any number of ssh sessions
to this computer. My sshd is OpenSSH_2.5.1p1.

Thanks in advance

Thom
--

-------------------------------------------------------------------
bye bye (c) by Thom | Thorsten Marquardt
| EMail: THOM@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Member of the pzt project.
| http://kaupp.chemie.uni-oldenburg.de/pzt
-------------------------------------------------------------------

