[oclug] restrict login
Woogie
woogie at gmail.com
Fri Oct 1 20:45:38 EDT 2010
You could try looking into using pam_exec in combination with a simple
shell script to test for the presence of the home directory, maybe
something like this:
#!/bin/bash
if [ -d $PAM_USER ] ; then
exit 0
else
exit 1
fi
In combination with a pam line that looks like:
auth required pam_exec.so quiet check_home.sh
I'm not sure if that will work though, I don't have a pam enabled
system to play with right now.
On Fri, Oct 1, 2010 at 7:52 PM, Dumitru Ciobanu
<ciobanu.dumitru at gmail.com> wrote:
> No, these users are "ldap usersers", so they don't have a local
> account, no entry in the /etc/passwd.
>
> On Fri, Oct 1, 2010 at 7:14 PM, Woogie <woogie at gmail.com> wrote:
>> Do users who have home directories set up also have an entry in
>> /etc/passwd? If so, you could use the pam_localuser module to restrict
>> access to users who are in /etc/passwd. It could be a simple cron-job
>> to sync the /home/* directories with /etc/passwd entries.
>> pam_localuser can also read from a specified file other than
>> /etc/passwd, if you don't want to be messing around with it.
>>
>> On Fri, Oct 1, 2010 at 6:54 PM, Dumitru Ciobanu
>> <ciobanu.dumitru at gmail.com> wrote:
>>> Hi guys,
>>>
>>> I was wondering if anybody knows of a way of restricting logins for
>>> users that don't have a home directory setup.
>>> This is happening in an ldap environment (the linux boxes are ldap
>>> clients for Active Directory). We are running RHEL 5.5 and RedHat
>>> support has no clue if it's possible.
>>> Right know if the user does not have a home directory (or just bad
>>> permissions) it gets logged in and lands in /.
>>> In HP-UX for example one can tweak that through /etc/default/security.
>>> I'm looking for something similar in Linux or maybe some fancy pam module.
>>>
>>> Thanks in advance,
>>>
>>> Dumitru
>>>
>>> --
>>> =====================
>>>
>>> Dumitru Ciobanu
>>> ciobanu.dumitru at gmail.com
>>> --
>>> OCLUG general discussion list
>>> OCLUG at lists.oclug.on.ca
>>> http://oclug.on.ca/mailman/listinfo/oclug
>>>
>>
>>
>>
>> --
>> Evil will always triumph, because good is dumb
>> --
>> OCLUG general discussion list
>> OCLUG at lists.oclug.on.ca
>> http://oclug.on.ca/mailman/listinfo/oclug
>>
>
>
>
> --
> =====================
>
> Dumitru Ciobanu
> ciobanu.dumitru at gmail.com
> --
> OCLUG general discussion list
> OCLUG at lists.oclug.on.ca
> http://oclug.on.ca/mailman/listinfo/oclug
>
--
Evil will always triumph, because good is dumb
More information about the OCLUG
mailing list