1 |
On Tuesday 10 August 2004 12:49, Adrian CAPDEFIER wrote: |
2 |
> Thank you, Paul! You helped me again :). That did the trick with |
3 |
> password logins. |
4 |
> I don't understand the p.s. though. |
5 |
> Who sets the passwords when remotely logged in? |
6 |
|
7 |
Enough people. Note that this password item means that sshd will not allow the |
8 |
setting of passwords (which as far as I know is not a functionality of sshd) |
9 |
|
10 |
> I set password only to pam_deny.so and i was still able to change those |
11 |
> passwords so now my file looks like this (comments excluded) |
12 |
|
13 |
That is correct. The password changing (by passwd, for gnome / kde utilities |
14 |
it may be a different identifier) is controlled by /etc/pam.d/passwd |
15 |
|
16 |
> |
17 |
> neuro root # cat /etc/pam.d/sshd |
18 |
> |
19 |
> auth required pam_deny.so |
20 |
> account required pam_unix.so |
21 |
> password required pam_deny.so |
22 |
> session required pam_unix.so |
23 |
> session required pam_limits.so |
24 |
|
25 |
|
26 |
This looks ok. Make sure that when you try to change other parts of the pam |
27 |
configuration that you read through the various manual pages to find out what |
28 |
the modules do, and how things work exactly. A misconfigured pam is an easy |
29 |
way to open up a system. |
30 |
|
31 |
Paul |
32 |
|
33 |
-- |
34 |
Paul de Vrieze |
35 |
Gentoo Developer |
36 |
Mail: pauldv@g.o |
37 |
Homepage: http://www.devrieze.net |