Problem with using both pam_listfile to deny logins and pubkey authentication
Sakari Ailus
sakari.ailus at luukku.com
Thu Feb 14 08:28:19 EST 2002
Hi,
I'm trying to use pam_listfile.so to deny logins from all others but few
users (names in /etc/loginusers). With password authentication it works
fine, but with public key authentication OpenSSH lets in users whose
names arent't in /etc/loginusers. AllowUsers in sshd_config does what
one would expect.
I'm using OpenSSH-3.0.2p1 on Debian testing (package version
1:3.0.2p1-6) and tried this also on stable (OpenSSH package version
1:3.0.1p1-0 from unstable); the situation is same there.
Has anyone else noticed this or is it Debian's or my own problem?
/etc/pam.d/ssh:
---
#%PAM-1.0
auth required pam_listfile.so item=user sense=allow
file=/etc/loginusers onerr=fail
auth required pam_nologin.so
auth required pam_unix.so
auth required pam_env.so # [1]
account required pam_unix.so
session required pam_unix.so
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
password required pam_unix.so
---
--
Sakari Ailus
sakari.ailus at luukku.com
More information about the openssh-unix-dev
mailing list