Login restrictions in NIS environment

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Installation - Getting started with Red Hat Linux

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

Login restrictions in NIS environment

Login restrictions in NIS environment

2005-06-08 - By James Cooley

Back

Reply: 1 2 3 4 5 6 7 8 9 10 >>

You can prevent the SSH login by adding pam_access to
/etc/pam.d/system-auth instead of /etc/pam.d/login. The system-auth
stack is called by both login and ssh access.

As for su, there really isn't any way that I know of to prevent that,
except by not making the user available in nis.

--James Cooley

Richard Hobbs wrote:

>Hello,
>
>OK, I now have a partly working solution... It disallows me from logging in
>directly on the console, and it still allows everyone else access. I am
>using James Cooley's suggestion of pam_access.
>
>However, if I log in as root and 'su' to myself, it allows it, and if I SSH
>into the machine as myself it allows it.
>
>How can I stop my account from logging in via SSH as well using this method?
>
>Here are the files from our test machine:
>
>/etc/pam.d/login:
>#%PAM-1.0
>auth required /lib/security/pam_securetty.so
>auth required /lib/security/pam_stack.so service=system-auth
>auth required /lib/security/pam_nologin.so
>account required /lib/security/pam_stack.so service=system-auth
>password required /lib/security/pam_stack.so service=system-auth
>session required /lib/security/pam_stack.so service=system-auth
>session optional /lib/security/pam_console.so
>account required /lib/security/pam_access.so
>
>/etc/pam.d/rlogin:
>#%PAM-1.0
>account required /lib/security/pam_access.so
>
>/etc/pam.d/rsh:
>#%PAM-1.0
>account required /lib/security/pam_access.so
>
>/etc/pam.d/ftp:
>#%PAM-1.0
>account required /lib/security/pam_access.so
>
>I had to create "rlogin", "rsh" and "ftp" because they did not exist.
>
>I also added the extra "account" line to the bottom of "login" as requested,
>but is there something wrong with this file which is allowing me to log in
>remotely and via 'su' ?
>
>Thanks again,
>Richard.
>
>
>

--
--
James Cooley
Sr. Systems Analyst
Information Technology
Florida Tech
321-674-7999
jcooley@(protected)

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Earn $52 per hosting referral at Lunarpages.