Changeset 1068


Ignore:
Timestamp:
Apr 7, 2009, 5:29:01 PM (14 years ago)
Author:
quentin
Message:
Disallow root keyboard-interactive logins
File:
1 edited

Legend:

Unmodified
Added
Removed
  • server/fedora/config/etc/pam.d/sshd

    r423 r1068  
    22# Authentication modules
    33
    4 # If they're not root, but their user exists (success),
    5 auth    [success=ignore ignore=ignore default=1]        pam_succeed_if.so uid > 0
     4# If their user exists (success),
     5auth    [success=ignore ignore=ignore default=1]        pam_succeed_if.so uid >= 0
    66# print the "You don't have tickets" error:
    77auth    [success=die ignore=reset default=die]  pam_echo.so file=/etc/issue.net.no_tkt
    8 # If !(they are root),
    9 auth    [success=1 ignore=ignore default=ignore]        pam_succeed_if.so uid eq 0
    10 # print the "your account doesn't exist" error:
     8# else print the "your account doesn't exist" error:
    119auth    [success=die ignore=reset default=die]  pam_echo.so file=/etc/issue.net.no_user
    1210
Note: See TracChangeset for help on using the changeset viewer.