| 1 |
On Tuesday 10 August 2004 12:49, Adrian CAPDEFIER wrote: |
| 2 |
> Thank you, Paul! You helped me again :). That did the trick with |
| 3 |
> password logins. |
| 4 |
> I don't understand the p.s. though. |
| 5 |
> Who sets the passwords when remotely logged in? |
| 6 |
|
| 7 |
Enough people. Note that this password item means that sshd will not allow the |
| 8 |
setting of passwords (which as far as I know is not a functionality of sshd) |
| 9 |
|
| 10 |
> I set password only to pam_deny.so and i was still able to change those |
| 11 |
> passwords so now my file looks like this (comments excluded) |
| 12 |
|
| 13 |
That is correct. The password changing (by passwd, for gnome / kde utilities |
| 14 |
it may be a different identifier) is controlled by /etc/pam.d/passwd |
| 15 |
|
| 16 |
> |
| 17 |
> neuro root # cat /etc/pam.d/sshd |
| 18 |
> |
| 19 |
> auth required pam_deny.so |
| 20 |
> account required pam_unix.so |
| 21 |
> password required pam_deny.so |
| 22 |
> session required pam_unix.so |
| 23 |
> session required pam_limits.so |
| 24 |
|
| 25 |
|
| 26 |
This looks ok. Make sure that when you try to change other parts of the pam |
| 27 |
configuration that you read through the various manual pages to find out what |
| 28 |
the modules do, and how things work exactly. A misconfigured pam is an easy |
| 29 |
way to open up a system. |
| 30 |
|
| 31 |
Paul |
| 32 |
|
| 33 |
-- |
| 34 |
Paul de Vrieze |
| 35 |
Gentoo Developer |
| 36 |
Mail: pauldv@g.o |
| 37 |
Homepage: http://www.devrieze.net |
Archives