RE: Verbal Login Failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi
After a lot of rtfm, I have found an answer. So for the benefit of future googlers I am replying to my own thread.

The two important lines are:
account     [success=1] pam_access.so 
account     optional      pam_echo.so You do not have the correct group membership to access this machine

This line basically says that if the exit code of the pam_access module is "success" then skip the next line and continue with the normal procedure.

If pam_access denies you access the exit code will be PAM_PERM_DENIED and the next line will be the error message which will be shown.

Regards

> -----Original Message-----
> From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-
> bounces@xxxxxxxxxx] On Behalf Of Gerrard Geldenhuis
> Sent: 05 January 2011 10:34
> To: pam-list@xxxxxxxxxx
> Subject: Verbal Login Failure
> 
> Hi
> I am not sure if this is designed into PAM, but how can I feedback better to
> users about why/where their login failed?
> 
> I already here the voices about you not wanting to reveal that reason to the
> users but I think I have a valid case:
> We use access.conf and when a users is not allowed access the following
> will happen:
> users types in password
> ssh session terminates
> 
> This is not very intuitive and your first thought is that you have typed your
> password wrong. If you could at least get a message to say access has been
> denied for whatever reason that would be imminently more useful and
> easier to debug for 1ste line support guys.
> 
> Is there any way to achieve this?
> 
> Regards
> 
> ___________________________________________________________________
> _____
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
> 
> ___________________________________________________________________
> _____
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list

________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from 
MessageLabs to scan all Incoming and Outgoing mail for viruses.

________________________________________________________________________

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list


[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux