Help with pam_abl package

Dimitri Yioulos dyioulos at firstbhph.com
Tue Apr 5 19:44:50 UTC 2011


On Tuesday 05 April 2011 12:22:54 pm Phusion wrote:
> I'm having a problem with the pam_abl package.
> I've already emailed the program's author, but
> didn't get a reply back. I'm having trouble
> setting up a rule to exclude two users. One user
> is the root user while the other is a local
> account. I've tried multiple things, but they
> don't seem to work. The rules seem to only not
> include the root user.
>
> This does exclude the root user, but not the
> localacct user.
>
> #debug
> user_db=/var/db/pam_abl/users.db
> user_rule=!root|!localacct:5/60d
>
> This next one doesn't seem to work either.
>
> #debug
> user_db=/var/db/pam_abl/users.db
> user_rule=!root:5/60d !localacct:5/60d
>
> Please advise.
>
> Phusion


You might want to try the following (from the 
pam_abl documentation):


Multiple rules can be provided separated by spaces 
like this

*:10/1h root:5/1h,10/1d

in which case all rules that match a particular 
user and service will be checked. The user or 
host will be blocked if any of the rule triggers 
matches. The sense of the user matching can be 
inverted by placing a '!' in front of the rule so 
that

!root:20/1d

is a rule which would match for all users apart 
from root. It is important to treat root as a 
special case in the user_rule otherwise excessive 
attempts to authenticate as root will result in 
the root account being locked out even for valid 
holders of root credentials.


HTH.

Dimitri
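
The matching behaviour described in the quoted documentation, modelled as an added example (not part of the original thread and not pam_abl's own code). It assumes that a leading '!' negates the whole '|'-separated name list of a clause and that a user is exempt only when no clause applies to them; the function names are hypothetical.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """Split a user_rule into clauses: (inverted, [(user, service)], [(count, seconds)])."""
    clauses = []
    for clause in rule.split():                  # clauses are separated by spaces
        spec, trigs = clause.rsplit(":", 1)
        inverted = spec.startswith("!")          # assumption: '!' negates the WHOLE name list
        body = spec[1:] if inverted else spec
        names = []
        for item in body.split("|"):
            user, _, service = item.partition("/")
            names.append((user, service or "*"))
        triggers = []
        for trig in trigs.split(","):
            m = re.fullmatch(r"(\d+)/(\d+)([smhd]?)", trig)
            triggers.append((int(m.group(1)), int(m.group(2)) * UNITS.get(m.group(3), 1)))
        clauses.append((inverted, names, triggers))
    return clauses

def clause_applies(clause, user, service):
    inverted, names, _ = clause
    hit = any(u in ("*", user) and s in ("*", service) for u, s in names)
    return hit != inverted                       # '!' flips the sense of the match

def applicable_triggers(rule, user, service="sshd"):
    """Every trigger the user is subject to; any one of them firing blocks the user."""
    found = []
    for clause in parse_rule(rule):
        if clause_applies(clause, user, service):
            found.extend(clause[2])
    return found

def exempt_users(rule, users, service="sshd"):
    """Users that no clause applies to, so this rule can never block them."""
    return [u for u in users if not applicable_triggers(rule, u, service)]

if __name__ == "__main__":
    users = ["root", "localacct", "alice"]       # constructed sample accounts
    for rule in ("!root|!localacct:5/60d",       # first attempt from the question
                 "!root:5/60d !localacct:5/60d", # second attempt from the question
                 "!root|localacct:5/60d"):       # single '!' in front of the list
        print(f"{rule!r:34} exempt: {exempt_users(rule, users)}")
```

Under these assumptions the first attempt treats "!localacct" as a literal user name, and in the second attempt localacct is still caught by the `!root` clause.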
