Denying /dev/null shell accounts
Kevin Bonner
keb at pa.net
Wed Oct 26 00:07:59 CEST 2005
On Tuesday 25 October 2005 16:42, Scott Walker wrote:
> Hi All,
> I have requirements that I prevent users with a shell of /dev/null from
> authenticating against freeradius server.
>
> Using the rpm provided with RHEL4.0:
> radiusd: FreeRADIUS Version 1.0.1
>
> I am using the unix module and pam. /dev/null is not listed as a valid
> shell in /etc/shells, and accounts with /dev/null are currently able to
> log in (via the DEFAULT entry in the users file). /etc/passwd is not
> used and accounts are stored on a ldap server.
>
> Any ideas around this?
Google for "PAM /etc/shells auth". I got lucky and found an answer in the
first link.
#auth required /lib/security/pam_shells.so
You still should read PAM docs to determine where to put this line.
Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051025/e110dee7/attachment.pgp>
More information about the Freeradius-Users
mailing list