[plug] Login Restrictions
Craig Ringer
craig at postnewspapers.com.au
Sun Jul 18 00:49:10 WST 2004
On Sat, 2004-07-17 at 19:14, James Devenish wrote:
> In message <6.1.2.0.2.20040717170923.01dde9a8 at 127.0.0.1>
> on Sat, Jul 17, 2004 at 05:12:08PM +0800, Tim White wrote:
> > I wish to be able to prevent a user from local[1] login without preventing
> > network access. I know that putting /bin/false in for their shell will
> > prevent text based logins but not graphical logins.
>
> Okay, don't change your users' shells (because that will interfere with
> SSH). Console text logins are usually mediated by processes called
> `getty` or `ttymon` (name varies with platform) which will then hand off
> to `login` once a username and password are entered. On your system, it
> is possible that `login` will use "PAM" for authentication. If so, have
> a look at /etc/security/access.conf.
I'd also advise you to look at pam_console - it might provide a quick
and easy solution. While it's normally used to _grant_ extra access to
console users, it should be quite capable of doing the reverse.
--
Craig Ringer
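
An added illustration of the /etc/security/access.conf approach mentioned in the quoted reply; it is not part of the original post. It assumes a Linux-PAM system with pam_access available, and the account name `localuser` and the display manager's PAM file name are placeholders.

```conf
# --- /etc/security/access.conf ---
# Format:  permission : users : origins
# "localuser" is a placeholder account name (assumption, not from the thread).
# "-" denies; LOCAL matches logins that do not come from a network host,
# i.e. text consoles and local X displays.
- : localuser : LOCAL

# No rule matches localuser when the origin is a remote host, and
# pam_access allows access when nothing matches, so SSH keeps working.

# --- /etc/pam.d/login  (console text logins: getty hands off to login) ---
# access.conf is only consulted by services whose PAM stack loads pam_access.
account    required    pam_access.so

# --- /etc/pam.d/<display-manager>  (graphical logins) ---
# File name varies by system (assumption: e.g. xdm, gdm or kdm).
account    required    pam_access.so
```

Verify the result from a text console, the graphical login and an SSH session before relying on it, since each service only enforces access.conf if its own PAM file includes the module.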