Just to finish this one: My goal was to only use pam_access.so if the service was sshd or login.
This configuration in common-account achieves that: account [default=1 success=ignore] pam_succeed_if.so service in sshd:login quiet account required pam_access.so Regards Dominik 2012/8/1 Dominik Klein <dominik.kl...@googlemail.com>: > Well thank you for this delightful answer. > > Yes, one could configure something like > > + : nobody : crond > > But that is something I would like to avoid (which I stated in the > first email) since that would imply having this config on 500+ > machines (each has the same access.conf) > > I am looking for the pam way to achieve this. > > Thanks > Dominik > > 2012/8/1 emmanuel segura <emi2f...@gmail.com>: >> man access.conf >> >> 2012/8/1 Dominik Klein <dominik.kl...@googlemail.com> >>> >>> Hi >>> >>> I included pam_access in common-account in order to manage access to >>> my machines. >>> >>> Now, cronjobs running as www-data or nobody cannot run because there >>> is no entry in the access.conf - and I really don't want an entry for >>> each cronjob. >>> >>> My approach on fixing this was to exclude common-account from >>> /etc/pam.d/cron, but I still get >>> >>> CRON[pid]: pam_access(cron:account) access diened for user "nobody" from >>> "cron" >>> >>> What's the correct (debian) way to deal with this situation? >>> >>> Regards >>> Dominik >>> >>> >>> -- >>> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org >>> with a subject of "unsubscribe". Trouble? Contact >>> listmas...@lists.debian.org >>> Archive: >>> http://lists.debian.org/CAHY3NAYAyKoW=ly_knnbke20q0athqosfqqj0ugd2pg_7g7...@mail.gmail.com >>> >> >> >> >> -- >> esta es mi vida e me la vivo hasta que dios quiera -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cahy3naaohprggndrvdp3uifblytei4gzaq2bx5jzijbprxa...@mail.gmail.com