Good afternoon,

 I need to restric the access to some accounts, we are
 using FreeBSD
 4.10, this is the configuration for "login" in

 login   auth    sufficient
 login   auth    sufficient
 #login  auth    requisite
 login   auth    requisite
 #login  auth    sufficient
 #login  auth    sufficient
 login   auth    required
 login   account required
 login   password required
 login   session required

 And this is the content of /etc/login.access:

 -:ALL EXCEPT user user1 : ALL

 If we do "su - user3" in FreeBSD 4.10 the result is
 that we become
 "user3" succesfully, and no restricction message

 % su - user3

 With FreeBSD 6.1/6.2, we are able to restrict the
 access if the
 account isn't appear in /etc/login.access, for

 -:ALL EXCEPT user user1 user2 : ALL

 And this is the content of /etc/pamd./login:

 # PAM configuration for the "login" service

 # auth
 auth            required
 auth            sufficient
 auth            include         system

 # account
 account         requisite
 account         include         system

 # session
 session         include         system

 # password
 password        include         system

 If we are using the account "user" and whant to change
 to "user3"
 using "su -" this never happen:

 % su - user3
 pam_login_access: pam_sm_acct_mgmt: user3 is not
 allowed to log in on /dev/ttyp0
 su: Sorry

 Which is exactly what we need, but for FreeBSD 4.10.

 There are differences between 4.10 and 6.1/6.2 for the
 of PAM and all it's modules, but the configuration for
 login.acces is
 the same.

 We read the documentation at the FreeBSD site about
 login.access and
 there is no difference for the sintaxis of this file.

 We also had read the man for

 The file "login.conf" is the same for 4.10 and
 6.1/6.2, we didn't
 modified it's content.

 Is there another configuration file we are missing
 that should be
 modified to restrict the "user" become "user3" using
 "su -" in FreeBSD

 P.D. I sent this message (twice) from, but
 until now, it's doesn't appear in the historic of the
 list or in my gmail inbox.

Any ideas/suggestions?

()  ascii ribbon campaign - against html e-mail
/\  - against proprietary attachments
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to