On Monday 04 June 2007 23:25, Bjoern Voigt wrote:
Fajar Priyanto <fajarpri@cbn.net.id> wrote:
I'm trying to show a demo on how to modify PAM so that /etc/nologin is bypass by ssh. I have modified /etc/pam.d/sshd: #%PAM-1.0 auth include common-auth #auth required pam_nologin.so
[...]
When I try to ssh into the PC, I get logged in, but immediately got kicked out. In /var/log/messages I see this: sshd : User fajar is not allowed because /etc/nologin exists
I think it is not possible to configure sshd so that it ignores /etc/nologin. The check for /etc/nologin seems to be hard-codes in /usr/sbin/sshd:
$ strings /usr/sbin/sshd | grep nologin /etc/nologin
Yes it is, but at least in 10.1 and 10.2, it is disabled if UsePAM is set to yes in /etc/ssh/sshd_config. In ssh versions before 4.3p1 it was always checked Commenting out the line in pam.d/sshd works for me on 10.1 and 10.2 btw, "strings" will only tell you if it looks at that file at all. It won't tell you anything about the logic surrounding it. Only the source code can do that -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org