mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-05-02 21:34:54 -04:00
use pam_acccess only for /etc/pam.d/login
remove "Allow members of group 'ssh' to login." remove "+:ssh:ALL EXCEPT LOCAL"
This commit is contained in:
Patrick Schleizer
parent
22b6480bc4
commit
729fa26eca
4 changed files with 25 additions and 50 deletions
21
usr/lib/security-misc/pam_only_if_login
Executable file
21
usr/lib/security-misc/pam_only_if_login
Executable file
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
||||
## See the file COPYING for copying conditions.
|
||||
|
||||
## https://serverfault.com/questions/134471/success-n-control-syntax-in-pam-conf-pam-d-files
|
||||
|
||||
set -x
|
||||
|
||||
true "PAM_SERVICE: $PAM_SERVICE"
|
||||
|
||||
if [ "$PAM_SERVICE" = "login" ]; then
|
||||
## FIXME:
|
||||
## Creates unwanted journal log entry.
|
||||
## pam_exec(login:account): /usr/lib/security-misc/pam_only_if_login failed: exit code 1
|
||||
exit 1
|
||||
else
|
||||
## exit success so [success=1 default=ignore] will result in skipping the
|
||||
## next pam module.
|
||||
exit 0
|
||||
fi
|
||||
Loading…
Add table
Add a link
Reference in a new issue