Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
H
HPCasCode
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
hpc-team
HPCasCode
Commits
a0853d76
Commit
a0853d76
authored
6 years ago
by
Gin Tan (Monash University)
Browse files
Options
Downloads
Patches
Plain Diff
Adding one line to restrict access to systems user when nologin file is created
parent
08735a21
No related branches found
No related tags found
1 merge request
!200
Pamd
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
roles/pam_sshd/tasks/main.yml
+5
-0
5 additions, 0 deletions
roles/pam_sshd/tasks/main.yml
roles/pam_sshd/templates/sshd.j2
+21
-0
21 additions, 0 deletions
roles/pam_sshd/templates/sshd.j2
with
26 additions
and
0 deletions
roles/pam_sshd/tasks/main.yml
0 → 100644
+
5
−
0
View file @
a0853d76
-
name
:
"
Copy
password
sshd
pam
config"
template
:
src=sshd.j2 dest=/etc/pam.d/sshd
become
:
true
become_user
:
root
This diff is collapsed.
Click to expand it.
roles/pam_sshd/templates/sshd.j2
0 → 100644
+
21
−
0
View file @
a0853d76
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup systems
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
This diff is collapsed.
Click to expand it.
Andreas Hamacher
@handreas
mentioned in commit
5bbc6044
·
4 years ago
mentioned in commit
5bbc6044
mentioned in commit 5bbc60445f8a6dfe6e861371a09fa767b3f317cf
Toggle commit list
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment