Denying /dev/null shell accounts

Kevin Bonner keb at pa.net
Wed Oct 26 00:07:59 CEST 2005


On Tuesday 25 October 2005 16:42, Scott Walker wrote:
> Hi All,
> I have requirements that I prevent users with a shell of /dev/null from
> authenticating against freeradius server.
>
> Using the rpm provided with RHEL4.0:
> radiusd: FreeRADIUS Version 1.0.1
>
> I am using the unix module and pam. /dev/null is not listed as a valid
> shell in /etc/shells, and accounts with /dev/null are currently able to
> log in (via the DEFAULT entry in the users file).  /etc/passwd is not
> used and accounts are stored on a ldap server.
>
> Any ideas around this?

Google for "PAM /etc/shells auth".  I got lucky and found an answer in the 
first link.

#auth       required    /lib/security/pam_shells.so

You still should read PAM docs to determine where to put this line.

Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051025/e110dee7/attachment.pgp>


More information about the Freeradius-Users mailing list