Pam Authorization Problem
jesk
jesk at killall.org
Wed Nov 10 10:43:36 PST 2004
> huh? as in a user that more or less does *not* exist on your system can log
> in? do you have any other authentication modules that the system falls to?
Sure, authentication is enabled too, but I want to limit access through
authorization.
Here is my whole pam.d/sshd configuration:
---
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_login_access.so
account sufficient /usr/local/lib/pam_ldap.so
account required pam_unix.so
# session
session required pam_permit.so
# password
password required pam_unix.so no_warn try_first_pass
---
When I log in to the system I get the message:
---
You must be a uniqueMember of cn=klever,ou=hosts,dc=xxx,dc=xxx,dc=xxx to login.
---
But exactly this is not true, so why can I log in?