ALT Linux Team development discussions
From: Pavlov Konstantin <thresh@altlinux.ru>
To: devel@lists.altlinux.org
Subject: [devel] pam, limits, sshd
Date: Fri, 10 Mar 2006 01:13:01 +0300
Message-ID: <200603100113.02383.thresh@altlinux.ru>

Hello everyone.

I need both a working sshd and the limits set in /etc/security/limits.conf.

When /etc/pam.d/system-auth contains a line with pam_limits.so, sshd does not
let the user in, and the following message appears in the log:
Mar 10 00:51:54 exchange sshd[26437]: Accepted password for thresh from 172.16.127.2 port 54122 ssh2
Mar 10 00:51:56 exchange sshd[26447]: fatal: PAM session setup failed[6]: Permission denied

Here is the content of system-auth itself:
#%PAM-1.0
auth    sufficient /lib64/security/pam_mysql.so user=nssuser passwd=passwd host=/var/lib/mysql/mysql.sock db=nss table=users usercolumn=user_name passwdcolumn=passwd crypt=0 verbose=1
auth     required       pam_tcb.so shadow fork prefix=$2a$ count=8 nullok
account sufficient /lib64/security/pam_mysql.so user=nssuser passwd=passwd host=/var/lib/mysql/mysql.sock db=nss table=users usercolumn=user_name passwdcolumn=passwd crypt=0 verbose=1
account  required       pam_tcb.so shadow fork
account  required       pam_mktemp.so
password sufficient /lib64/security/pam_mysql.so user=nssuser passwd=passwd host=/var/lib/mysql/mysql.sock db=nss table=users usercolumn=user_name passwdcolumn=passwd crypt=0 verbose=1 use_authtok
password required       pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password required       pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 nullok write_to=tcb
session optional /lib64/security/pam_mysql.so user=nssuser passwd=passwd host=/var/lib/mysql/mysql.sock db=nss table=users usercolumn=user_name passwdcolumn=passwd crypt=0 verbose=1
session  required   pam_limits.so
session  required       pam_tcb.so

ssh behaves the same way with session  required   pam_limits.so
in /etc/pam.d/sshd.

What should I do to make the limits work on the system, and/or what am I doing
wrong in configuring PAM?

-- 
Pavlov Konstantin,
ALT Linux Team,
jid: thresh@altlinux.org

