|
原来在RHEL3上可以用pam.d/login来限制,RHEL4上好像不起作用了。
- login:
- #%PAM-1.0
- auth required pam_securetty.so
- auth required pam_stack.so service=system-auth
- auth required pam_nologin.so
- account required pam_stack.so service=system-auth
- password required pam_stack.so service=system-auth
- # pam_selinux.so close should be the first session rule
- #session required pam_selinux.so close
- session required pam_stack.so service=system-auth
- session optional pam_console.so
- # pam_selinux.so open should be the last session rule
- #session required pam_selinux.so multiple open
- auth required pam_access.so
- account required pam_access.so
- access.conf
- # Disallow console logins to all but a few accounts.
- #
- #-:ALL EXCEPT wheel shutdown sync:LOCAL
- #
- # Disallow non-local logins to privileged accounts (group wheel).
- #
- #-:wheel:ALL EXCEPT LOCAL .win.tue.nl
- #
- # Some accounts are not allowed to login from anywhere:
- #
- #-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
- #
- # All other accounts are allowed to login from anywhere.
- #
- -:test:ALL
复制代码
按理test user从哪都不应该能登录,可是没用。 |
|