I have problem with access.conf in openssh 3.8.1p1

From: Sławomir Krampa (w3slawek_at_gdansk.home.pl)
Date: 07/27/04

  • Next message: Michael Selvesteen: "Sftp & umask" 
    Date: Tue, 27 Jul 2004 12:41:22 +0200
To: secureshell@securityfocus.com

    I compiled openssh 3.8.1p1 with PAM and configured:
    1) /etc/ssh/sshd_config: USEPAM yes
    2) added in /etc/pam.d/sshd: account required /lib/security/pam_access.
    so
    3) added in /etc/security/access.conf: -:root:ALL EXCEPT root:console

    unfortunately it didn't work.
    When I checked issue with strace I noticed that sshd not jumped to
    /etc/security/access.conf in spite of he is reading pam_access.so
    I tried with 'account required /lib/security/apm_access.so
    accessfile=/etc/security/access.conf', but didn't work also.

    Any idea? If you know, please help me!
    Sławek

  • Next message: Michael Selvesteen: "Sftp & umask"

    Relevant Pages

    • I have problem with access.conf in openssh 3.8.1p1
      ... I compiled openssh 3.8.1p1 with PAM and configured: ... When I checked issue with strace I noticed that sshd not jumped to ...
      (comp.security.ssh)
    • Re: Software for distribution of configuration files and changes
      ... accepting keyboard-interactive/pam. ... This affects all users, and not just root. ... But without PAM, sshd just prompts for password in a little different way. ...
      (freebsd-stable)
    • Re: cannot start sshd on cygwin- win xp
      ... I have since reinstalled cygwin, ... I found that the strace command, started sshd and sort of occupied ... cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error ...
      (comp.security.ssh)
    • RE: PAM and SSH
      ... It appears that for sshd, sshusers would have to be their primary group ... The nsswitch.conf list files and winbind for groups but the ssh documentation said that only primary groups were used. ... Perhaps a simple PAM module that takes a network description and succeeds if the user's IP is on that network would not be a huge task. ...
      (SSH)
    • Re: OpenSSH and pam_krb5
      ... > with GSSAPI and PAM authentication. ... this data is present in a separate process (the "authentication ... application (ie sshd). ...
      (SSH)