Problem with using both pam_listfile to deny logins and pubkey authentication
Damien Miller
djm at mindrot.org
Thu Feb 14 08:45:29 EST 2002
On Wed, 13 Feb 2002, Sakari Ailus wrote:
> Hi,
>
> I'm trying to use pam_listfile.so to deny logins from all others but few
> users (names in /etc/loginusers). With password authentication it works
> fine, but with public key authentication OpenSSH lets in users whose
> names arent't in /etc/loginusers. AllowUsers in sshd_config does what
> one would expect.
> auth required pam_listfile.so item=user sense=allow
> file=/etc/loginusers onerr=fail
We bypass auth modules for public key authentication. If you can get the
listfile module to run as an 'account' or 'session' module it should
work.
Alternately you could use OpenSSH's builtin Allow/DenyUser functionality.
-d
More information about the openssh-unix-dev
mailing list