Problem with using both pam_listfile to deny logins and pubkey authentication

Damien Miller djm at
Thu Feb 14 08:45:29 EST 2002

On Wed, 13 Feb 2002, Sakari Ailus wrote:

> Hi,
> I'm trying to use to deny logins from all others but few 
> users (names in /etc/loginusers). With password authentication it works 
> fine, but with public key authentication OpenSSH lets in users whose 
> names arent't in /etc/loginusers. AllowUsers in sshd_config does what 
> one would expect.

> auth       required item=user sense=allow 
> file=/etc/loginusers onerr=fail

We bypass auth modules for public key authentication. If you can get the
listfile module to run as an 'account' or 'session' module it should

Alternately you could use OpenSSH's builtin Allow/DenyUser functionality.


More information about the openssh-unix-dev mailing list