[...] Habe nun die Reihenfolge auch einmal umgedreht, aber hat nichts gebracht. Die Datei /etc/acl/ssh.acl hat nat�rlich richtige Syntax.
$ cat /etc/pam.d/ssh # PAM configuration for the Secure Shell service #Nur Gruppen welche sich in /etc/acl/ssh.acl befinden, duerfen einloggen. auth required pam_listfile.so file=/etc/acl/ssh.acl item=group sense=allow onerr=succeed auth required pam_nologin.so auth required pam_env.so # Standard Un*x authentication. @include common-auth # Standard Un*x authorization. @include common-account # Standard Un*x session setup and teardown. @include common-session session optional pam_motd.so # [1] session optional pam_mail.so standard noenv # [1] #session required pam_limits.so # Standard Un*x password updating. @include common-password $ cat /etc/pam.d/common-* # /etc/pam.d/common-account - authorization settings common to all services # account sufficient pam_ldap.so use_first_pass debug account required pam_unix.so # # /etc/pam.d/common-auth - authentication settings common to all services # auth sufficient pam_ldap.so use_first_pass debug auth required pam_unix.so nullok_secure # # /etc/pam.d/common-password - password-related modules common to all services # password sufficient pam_ldap.so use_first_pass debug password required pam_unix.so nullok obscure min=4 max=8 md5 shadow use_authtok password required pam_cracklib.so retry=3 minlen=6 difok=3 # # /etc/pam.d/common-session - session-related modules common to all services # session sufficient pam_ldap.so use_first_pass debug session required pam_unix.so
