Last updated: 2015-10-20
Contents
- pam_nologin
- pam_sepermit
pam_nologin
When the file /etc/nologin exists, only root can log in.
Test:
On the first attempt, the client sees:
Access denied
On the second failed attempt, the server logs:
fatal: Access denied for user tim by PAM account configuration [preauth]
After modifying /etc/pam.d/sshd, the sshd service must be restarted for the change to take effect.
pam_sepermit
PAM module to allow/deny login depending on SELinux enforcement state
When the user who is logging in matches an entry in the config file, access is allowed only when SELinux is in enforcing mode.
Config File
/etc/security/sepermit.conf
The config file contains a list of user names, one per line, with optional arguments.
- If the name is prefixed with the @ character, it means that all users in the group name match.
- If the name is prefixed with the % character, the SELinux user is used to match against the name instead of the account name.
(Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined.)
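The matching rules above, as an added example (a simplified model written for this page, not pam_sepermit's own code). The sample entries, user names and the function names parse_sepermit and decide are constructed; arguments are assumed to be colon-separated and are parsed but not interpreted.

```python
# Simplified model of the sepermit.conf matching rules described above.
# Not pam_sepermit's own code; arguments are parsed but not interpreted.

def parse_sepermit(text):
    """Return a list of (kind, name, options) from sepermit.conf text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, *options = line.split(":")      # optional colon-separated arguments
        if name.startswith("@"):
            entries.append(("group", name[1:], options))
        elif name.startswith("%"):
            entries.append(("seuser", name[1:], options))
        else:
            entries.append(("user", name, options))
    return entries


def decide(entries, user, groups, seuser, selinux_state):
    """selinux_state is 'enforcing', 'permissive' or 'disabled'.

    Returns 'allow', 'deny' or 'ignore' (no entry matched).
    """
    if selinux_state == "disabled":
        seuser = None                         # SELinux user cannot be determined
    for kind, name, _options in entries:
        matched = (
            (kind == "user" and name == user)
            or (kind == "group" and name in groups)
            or (kind == "seuser" and seuser is not None and name == seuser)
        )
        if matched:
            # A matching user gets in only while SELinux is enforcing.
            return "allow" if selinux_state == "enforcing" else "deny"
    return "ignore"


# Constructed sample configuration (not from a real system).
SAMPLE_CONF = """\
# constructed example entries
kiosk
@contractors
%guest_u:exclusive
"""

if __name__ == "__main__":
    entries = parse_sepermit(SAMPLE_CONF)
    for state in ("enforcing", "permissive", "disabled"):
        print(state, decide(entries, "tim", {"contractors"}, "user_u", state))
```

Note the last case in the model: a user who matches only through a % entry falls through to 'ignore' when SELinux is disabled, so another module in the stack has to make the decision for that account.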