Hello,

I try to restrict login to local users only. My computer (Debian testing) is integrated in a Kerberos/LDAP/NFSv4 environment. I have added the following file:

# cat /usr/share/pam-configs/localuser
Name: local user access only
Default: yes
Priority: 512
Account-Type: Primary
Account:
    required   pam_localuser.so
Account-Initial:
    required   pam_localuser.so

and run # pam-auth-update

This adds the line "account required pam_localuser.so" at the top of /etc/pam.d/common-account.

The manpage example of pam_localuser says to add
account sufficient pam_localuser.so

Why should I use sufficient instead of required? When my user account has expired I'm still able to log in, because the pam_unix.so rule is not used if the pam_localuser.so rule was successful.

thanks,

pj
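
Added example, not part of the original post: a simplified Python model of how Linux-PAM evaluates the required, requisite and sufficient control flags, applied to the two variants of the pam_localuser.so account line discussed above. The two-entry stacks and the per-module results are constructed assumptions; a real Debian common-account contains more entries and bracketed controls.

```python
# Simplified model of Linux-PAM control flags for an account stack.
# Stacks and module results below are constructed sample data.
OK, FAIL = "success", "failure"

def run_stack(stack, results):
    """stack: list of (control, module); results: module -> OK or FAIL.
    Returns (verdict, list of modules that were actually called)."""
    required_failed = False
    saw_success = False
    called = []
    for control, module in stack:
        called.append(module)
        res = results[module]
        if control == "required":
            if res == FAIL:
                required_failed = True   # remembered, stack keeps running
            else:
                saw_success = True
        elif control == "requisite":
            if res == FAIL:
                return FAIL, called      # stop immediately with failure
            saw_success = True
        elif control == "sufficient":
            if res == OK and not required_failed:
                return OK, called        # stop: later modules never run
            # a failing sufficient module is ignored
        else:
            raise ValueError(f"control not modelled: {control}")
    verdict = OK if saw_success and not required_failed else FAIL
    return verdict, called

# Hypothetical two-entry account stacks (assumption, not a real common-account).
REQUIRED_STACK = [("required", "pam_localuser.so"), ("required", "pam_unix.so")]
SUFFICIENT_STACK = [("sufficient", "pam_localuser.so"), ("required", "pam_unix.so")]

# Constructed results: a local user whose account has expired, and a
# network-only user that pam_localuser.so does not find in /etc/passwd.
EXPIRED_LOCAL = {"pam_localuser.so": OK, "pam_unix.so": FAIL}
NETWORK_USER = {"pam_localuser.so": FAIL, "pam_unix.so": OK}

if __name__ == "__main__":
    for name, stack in (("required", REQUIRED_STACK), ("sufficient", SUFFICIENT_STACK)):
        for who, res in (("expired local", EXPIRED_LOCAL), ("network", NETWORK_USER)):
            verdict, called = run_stack(stack, res)
            print(f"{name:10} {who:13} -> {verdict:7} called={called}")
```

In this model the sufficient variant returns success for the expired local user without ever calling pam_unix.so, and it does not reject the network user, because a failing sufficient module is ignored.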

