Re: problem with group membership enforcement
> > Why was I allowed to log in? This is baffling.
> > account sufficient /lib/security/pam_ldap.so
> Here is your problem. "account" must be set to "required" to
> enforce the group membership. Be careful, though!! This
> is enforced for *all* users, including root. So if a valid
> root account is not in that group, root cannot log in.
auth required /lib/security/pam_listfile.so onerr=fail item=group
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
$ cat /etc/security/login_limit_list.conf
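
The control-flag behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified model of how Linux-PAM treats a failing `sufficient` module versus a failing `required` one. The `pam_unix.so` account line, the module outcomes, and the function names `parse`, `evaluate` and `login_allowed` are assumptions made for the illustration.

```python
# Added example: simplified model of the Linux-PAM control flags
# required / requisite / sufficient / optional. Not code from the thread.

def parse(conf, mgmt_type):
    """Return [(control, module_basename)] for lines of the given type."""
    stack = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcome):
    """outcome maps module name -> True (succeeded) or False (failed)."""
    granted = False   # some module result has counted as a success
    denied = False    # a required module has failed
    for control, module in stack:
        ok = outcome[module]
        if control == "requisite" and not ok:
            return False                  # fails the stack immediately
        if control in ("required", "requisite"):
            granted, denied = granted or ok, denied or not ok
        elif control == "sufficient":
            if ok and not denied:
                return True               # success ends the stack here
            # a failing "sufficient" module is simply ignored
        elif control == "optional":
            granted = granted or ok       # failure is ignored
    return granted and not denied

AS_POSTED = """
account required   /lib/security/pam_unix.so   # assumed line, not shown in the thread
account sufficient /lib/security/pam_ldap.so
"""
AS_ADVISED = AS_POSTED.replace("sufficient", "required")

# Constructed outcome: the local account check passes, while pam_ldap's
# account check fails because the user is not in the permitted group.
OUTCOME = {"pam_unix.so": True, "pam_ldap.so": False}

def login_allowed(conf, outcome=OUTCOME):
    return evaluate(parse(conf, "account"), outcome)

if __name__ == "__main__":
    print("sufficient:", login_allowed(AS_POSTED))
    print("required:  ", login_allowed(AS_ADVISED))
```

The same `required` stack denies any account for which the pam_ldap check fails, which is the root lock-out risk raised in the reply.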