First you should enable pam_access.so:
- Unlink "/etc/pam.d/system-auth", which is a link to "/etc/pam.d/system-auth-ac".
- Create a new "/etc/pam.d/system-auth", includes all settings from "/etc/pam.d/system-auth-ac", like this:
auth include system-auth-ac
account include system-auth-ac
password include system-auth-ac
session include system-auth-ac - Insert "pam_access.so":
auth include system-auth-ac
account required pam_access.so
account include system-auth-ac
password include system-auth-ac
session include system-auth-ac
Now you can config pam_access.so by editing "/etc/security/access.conf", like this:
+ : player : LOCAL
- : player : ALL
For more info, read "man access.conf".
1 comment:
Short way:
In file
/etc/pam.d/ssh
Uncomment the line:
account required pam_access.so
In file
/etc/security/access.conf
Add the line:
-:abc:ALL EXCEPT LOCAL
Post a Comment