Re: login.access, login and su.
Good afternoon, I need to restric the access to some accounts, we are using FreeBSD 4.10, this is the configuration for "login" in /etc/pam.conf login authsufficient pam_skey.so login authsufficient pam_opie.so no_fake_prompts #login authrequisite pam_opieaccess.so login authrequisite pam_cleartext_pass_ok.so #login authsufficient pam_kerberosIV.so try_first_pass #login authsufficient pam_krb5.so try_first_pass login authrequiredpam_unix.so try_first_pass login account requiredpam_unix.so login password required pam_permit.so login session requiredpam_permit.so And this is the content of /etc/login.access: -:ALL EXCEPT user user1 : ALL If we do "su - user3" in FreeBSD 4.10 the result is that we become "user3" succesfully, and no restricction message appears. % su - user3 %whoami %user3 With FreeBSD 6.1/6.2, we are able to restrict the access if the account isn't appear in /etc/login.access, for example: -:ALL EXCEPT user user1 user2 : ALL And this is the content of /etc/pamd./login: # PAM configuration for the "login" service # # auth authrequiredpam_nologin.so no_warn authsufficient pam_self.so no_warn authinclude system # account account requisite pam_securetty.so account include system # session session include system # password passwordinclude system If we are using the account "user" and whant to change to "user3" using "su -" this never happen: % su - user3 pam_login_access: pam_sm_acct_mgmt: user3 is not allowed to log in on /dev/ttyp0 su: Sorry Which is exactly what we need, but for FreeBSD 4.10. There are differences between 4.10 and 6.1/6.2 for the configuration of PAM and all it's modules, but the configuration for login.acces is the same. We read the documentation at the FreeBSD site about login.access and there is no difference for the sintaxis of this file. We also had read the man for login/pam/login.conf/login.access. The file "login.conf" is the same for 4.10 and 6.1/6.2, we didn't modified it's content. Is there another configuration file we are missing that should be modified to restrict the "user" become "user3" using "su -" in FreeBSD 4.10? P.D. I sent this message (twice) from gmail.com, but until now, it's doesn't appear in the historic of the list or in my gmail inbox. Any ideas/suggestions? -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
login.access, login and su.
Good afternoon, I need to restric the access to some accounts, we are using FreeBSD 4.10, this is the configuration for "login" in /etc/pam.conf login authsufficient pam_skey.so login authsufficient pam_opie.so no_fake_prompts #login authrequisite pam_opieaccess.so login authrequisite pam_cleartext_pass_ok.so #login authsufficient pam_kerberosIV.so try_first_pass #login authsufficient pam_krb5.so try_first_pass login authrequiredpam_unix.so try_first_pass login account requiredpam_unix.so login password required pam_permit.so login session requiredpam_permit.so And this is the content of /etc/login.access: -:ALL EXCEPT user user1 : ALL If we do "su - user3" in FreeBSD 4.10 the result is that we become "user3" succesfully, and no restricction message appears. % su - user3 %whoami %user3 With FreeBSD 6.1/6.2, we are able to restrict the access if the account isn't appear in /etc/login.access, for example: -:ALL EXCEPT user user1 user2 : ALL And this is the content of /etc/pamd./login: # PAM configuration for the "login" service # # auth authrequiredpam_nologin.so no_warn authsufficient pam_self.so no_warn authinclude system # account account requisite pam_securetty.so account include system # session session include system # password passwordinclude system If we are using the account "user" and whant to change to "user3" using "su -" this never happen: % su - user3 pam_login_access: pam_sm_acct_mgmt: user3 is not allowed to log in on /dev/ttyp0 su: Sorry Which is exactly what we need, but for FreeBSD 4.10. There are differences between 4.10 and 6.1/6.2 for the configuration of PAM and all it's modules, but the configuration for login.acces is the same. We read the documentation at the FreeBSD site about login.access and there is no difference for the sintaxis of this file. We also had read the man for login/pam/login.conf/login.access. The file "login.conf" is the same for 4.10 and 6.1/6.2, we didn't modified it's content. Is there another configuration file we are missing that should be modified to restrict the "user" become "user3" using "su -" in FreeBSD 4.10? P.D. I sent this message (twice) from gmail.com, but until now, it's doesn't appear in the historic of the list or in my gmail inbox. ¡Capacidad ilimitada de almacenamiento en tu correo! No te preocupes más por el espacio de tu cuenta con Correo Yahoo!: http://correo.yahoo.com.mx/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
login.access, login and su.
Good afternoon, I need to restric the access to some accounts, we are using FreeBSD 4.10, this is the configuration for "login" in /etc/pam.conf login authsufficient pam_skey.so login authsufficient pam_opie.so no_fake_prompts #login authrequisite pam_opieaccess.so login authrequisite pam_cleartext_pass_ok.so #login authsufficient pam_kerberosIV.so try_first_pass #login authsufficient pam_krb5.so try_first_pass login authrequiredpam_unix.so try_first_pass login account requiredpam_unix.so login password required pam_permit.so login session requiredpam_permit.so And this is the content of /etc/login.access: -:ALL EXCEPT user user1 : ALL If we do "su - user3" in FreeBSD 4.10 the result is that we become "user3" succesfully, and no restricction message appears. % su - user3 %whoami %user3 With FreeBSD 6.1/6.2, we are able to restrict the access if the account isn't appear in /etc/login.access, for example: -:ALL EXCEPT user user1 user2 : ALL And this is the content of /etc/pamd./login: # PAM configuration for the "login" service # # auth authrequiredpam_nologin.so no_warn authsufficient pam_self.so no_warn authinclude system # account account requisite pam_securetty.so account include system # session session include system # password passwordinclude system If we are using the account "user" and whant to change to "user3" using "su -" this never happen: % su - user3 pam_login_access: pam_sm_acct_mgmt: user3 is not allowed to log in on /dev/ttyp0 su: Sorry Which is exactly what we need, but for FreeBSD 4.10. There are differences between 4.10 and 6.1/6.2 for the configuration of PAM and all it's modules, but the configuration for login.acces is the same. We read the documentation at the FreeBSD site about login.access and there is no difference for the sintaxis of this file. We also had read the man for login/pam/login.conf/login.access. The file "login.conf" is the same for 4.10 and 6.1/6.2, we didn't modified it's content. Is there another configuration file we are missing that should be modified to restrict the "user" become "user3" using "su -" in FreeBSD 4.10? -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
login.access, login and su.
Good afternoon, I need to restric the access to some accounts, we are using FreeBSD 4.10, this is the configuration for "login" in /etc/pam.conf login authsufficient pam_skey.so login authsufficient pam_opie.so no_fake_prompts #login authrequisite pam_opieaccess.so login authrequisite pam_cleartext_pass_ok.so #login authsufficient pam_kerberosIV.so try_first_pass #login authsufficient pam_krb5.so try_first_pass login authrequiredpam_unix.so try_first_pass login account requiredpam_unix.so login password required pam_permit.so login session requiredpam_permit.so And this is the content of /etc/login.access: -:ALL EXCEPT user user1 : ALL If we do "su - user3" in FreeBSD 4.10 the result is that we become "user3" succesfully, and no restricction message appears. % su - user3 %whoami %user3 With FreeBSD 6.1/6.2, we are able to restrict the access if the account isn't appear in /etc/login.access, for example: -:ALL EXCEPT user user1 user2 : ALL And this is the content of /etc/pamd./login: # PAM configuration for the "login" service # # auth authrequiredpam_nologin.so no_warn authsufficient pam_self.so no_warn authinclude system # account account requisite pam_securetty.so account include system # session session include system # password passwordinclude system If we are using the account "user" and whant to change to "user3" using "su -" this never happen: % su - user3 pam_login_access: pam_sm_acct_mgmt: user3 is not allowed to log in on /dev/ttyp0 su: Sorry Which is exactly what we need, but for FreeBSD 4.10. There are differences between 4.10 and 6.1/6.2 for the configuration of PAM and all it's modules, but the configuration for login.acces is the same. We read the documentation at the FreeBSD site about login.access and there is no difference for the sintaxis of this file. We also had read the man for login/pam/login.conf/login.access. The file "login.conf" is the same for 4.10 and 6.1/6.2, we didn't modified it's content. Is there another configuration file we are missing that should be modified to restrict the "user" become "user3" using "su -" in FreeBSD 4.10? -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"