[torqueusers] Re: hostbased ssh mini-howto
Daniel Widyono
widyono at seas.upenn.edu
Thu Nov 3 13:43:15 MST 2005
Greetings,
I forgot one thing (** very important for not locking out root **):
On Server side:
/etc/security/access.conf
-:ALL EXCEPT root:ALL
This is involved in the pam_access.so line below, which prevents root from
getting locked out even when root isn't listed in /etc/pbs_sshauth.
Regards,
Dan W.
> /etc/pam.d/sshd (modified to use pam_listfile.so for access control)
> #%PAM-1.0
> # obviously on compute nodes only
> auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
> account required pam_stack.so service=system-auth
> account sufficient pam_access.so
> account required pam_listfile.so file=/etc/pbs_sshauth onerr=fail sense=allow item=user
> password required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
More information about the torqueusers
mailing list