Help with pam_abl package
Dimitri Yioulos
dyioulos at firstbhph.com
Tue Apr 5 19:44:50 UTC 2011
On Tuesday 05 April 2011 12:22:54 pm Phusion
wrote:
> I'm having a problem with the pam_abl package.
> I've already emailed the program's author, but
> didn't get a reply back. I'm having trouble
> setting up a rule to exclude two users. One user
> is the root user while the other is a local
> account. I've tried multiple things, but they
> don't seem to work. The rules seem to only not
> include the root user.
>
> This does exclude the root user, but not the
> localacct user.
>
> #debug
> user_db=/var/db/pam_abl/users.db
> user_rule=!root|!localacct:5/60d
>
> This next one doesn't seem to work either.
>
> #debug
> user_db=/var/db/pam_abl/users.db
> user_rule=!root:5/60d !localacct:5/60d
>
> Please advise.
>
> Phusion

You might want to try the following (from the
pam_abl documentation):

Multiple rules can be provided separated by spaces
like this

    *:10/1h root:5/1h,10/1d

in which case all rules that match a particular
user and service will be checked. The user or
host will be blocked if any of the rule triggers
matches. The sense of the user matching can be
inverted by placing a '!' in front of the rule so
that

    !root:20/1d

is a rule which would match for all users apart
from root. It is important to treat root as a
special case in the user_rule otherwise excessive
attempts to authenticate as root will result in
the root account being locked out even for valid
holders of root credentials.

HTH.
Dimitri
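
Added example (not part of the original messages and not pam_abl's own code): a small Python model of the user_rule matching described in the documentation excerpt above, applied to the rules from this thread. It assumes that a single leading '!' negates the whole '|'-separated name list, that a trigger fires at N or more failures within its period, and it ignores service qualifiers; all function names and the sample accounts are hypothetical.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """Split a user_rule into (inverted, names, triggers) clauses."""
    clauses = []
    for clause in rule.split():          # clauses are separated by spaces
        spec, _, trigs = clause.rpartition(":")
        inverted = spec.startswith("!")
        # Assumption: one leading '!' negates the whole '|' list; a '!'
        # anywhere else is treated as part of a user name.
        names = spec[1:].split("|") if inverted else spec.split("|")
        triggers = []
        for trig in trigs.split(","):
            m = re.fullmatch(r"(\d+)/(\d+)([smhd]?)", trig)
            if not m:
                raise ValueError(f"bad trigger {trig!r} in {clause!r}")
            # Assumption: a period without a unit is in seconds.
            triggers.append((int(m[1]), int(m[2]) * UNITS.get(m[3], 1)))
        clauses.append((inverted, names, triggers))
    return clauses

def applies(clause, user):
    """True if this clause is checked for `user`."""
    inverted, names, _ = clause
    listed = "*" in names or user in names
    return listed != inverted

def is_blocked(rule, user, failure_ages):
    """failure_ages: seconds elapsed since each failed login for `user`."""
    for clause in parse_rule(rule):
        if not applies(clause, user):
            continue
        for count, period in clause[2]:
            # Assumption: fires at `count` or more failures inside `period`.
            if sum(age <= period for age in failure_ages) >= count:
                return True              # any matching trigger blocks
    return False

def exempt_users(rule, users):
    """Users that no clause applies to, so the rule can never block them."""
    clauses = parse_rule(rule)
    return [u for u in users if not any(applies(c, u) for c in clauses)]

USERS = ["root", "localacct", "alice"]   # constructed sample accounts
```

Under these assumptions, exempt_users() reports only root as exempt for "!root|!localacct:5/60d" and nobody for "!root:5/60d !localacct:5/60d", since each of the two clauses in the second form still applies to the account the other one excludes.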