Commit a0853d76 authored by Gin Tan (Monash University)

Adding one line to restrict access to systems user when nologin file is created

parent 08735a21
1 merge request !200 Pamd
- name: "Copy password sshd pam config"
template: src=sshd.j2 dest=/etc/pam.d/sshd
become: true
become_user: root
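Review bot: the `template: src=sshd.j2 dest=/etc/pam.d/sshd` line sets no owner, group or mode, so the permissions of the rendered PAM file are left to whatever already exists on the host or to the umask. Suggest stating them explicitly (owner=root group=root mode=0644) and adding backup=yes, since a bad render of /etc/pam.d/sshd affects every SSH login and a saved copy makes recovery quicker.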
#%PAM-1.0
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup systems
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
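Review bot: on the `account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup systems` line, `success=1` skips exactly one following module, so the exemption only holds while `account required pam_nologin.so` stays directly beneath it; a line inserted between the two would silently change which module gets skipped. Please add a comment above the pair saying that members of group `systems` bypass the nologin check and that the two lines must remain adjacent. The group name is also hard-coded in a .j2 template, so a role variable would make it easier to audit and override per site. Since membership of `systems` now decides who can still log in while the nologin file is present, it would help to say so in the role documentation.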