[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Spaces in names in /etc/security/access.conf
Actually, I was wrong. Further testing shows that pam_access simply does not work as advertised. Those Windows groups with spaces can't be used. 
A similar configuration on CentOS does work.
Same with pam_listfile, which works on CentOS, doesn't on Debian. I'm unsure where the problem is, Samba or PAM, and the logs are not very helpful. 

Laurent


Le 08/13/2010 06:15 PM, Laurent Blume a écrit :

Le 08/12/2010 06:25 PM, Camaleón a écrit :

Better "RTCM" → Read The *Correct* Manual


Well, «Correct» is a stretch.

I just found out that you need to put *exactly* this as a pam_access
parameter:

listsep = ,

If you don't put the spaces (as in the manual's example), then the
content of access.conf will be silently ignored, and everybody be
allowed to log in.

The line there looks like this:

-:ALL EXCEPT root,(ldapgroup),(DOMAIN+windows users):ALL


Replacing the remaining spaces by commas also works, but doesn't appear
to be necessary.

Laurent
Reply to: