Date: Tue, 5 Apr 2011 15:23:00 -0400
From: Dimitri Yioulos <dyioulos@firstbhph.com>
To: freebsd-questions@freebsd.org
Subject: Re: Help with pam_abl package
Message-ID: <201104051523.02567.dyioulos@firstbhph.com>
In-Reply-To: <BANLkTinWoCaJtBPdcujQFALbSBTGiY%2BiYQ@mail.gmail.com>
References: <BANLkTinWoCaJtBPdcujQFALbSBTGiY%2BiYQ@mail.gmail.com>

On Tuesday 05 April 2011 12:22:54 pm Phusion wrote:
> I'm having a problem with the pam_abl package.
> I've already emailed the program's author, but
> didn't get a reply back. I'm having trouble
> setting up a rule to exclude two users. One user
> is the root user while the other is a local
> account. I've tried multiple things, but they
> don't seem to work. The rules seem to only not
> include the root user.
>
> This does exclude the root user, but not the
> localacct user.
>
> #debug
> user_db=/var/db/pam_abl/users.db
> user_rule=!root|!localacct:5/60d
>
> This next one doesn't seem to work either.
>
> #debug
> user_db=/var/db/pam_abl/users.db
> user_rule=!root:5/60d !localacct:5/60d
>
> Please advise.
>
> Phusion

You might want to try the following (from the pam_abl documentation):

Multiple rules can be provided separated by spaces like this

    *:10/1h root:5/1h,10/1d

in which case all rules that match a particular user and service will
be checked. The user or host will be blocked if any of the rule
triggers matches. The sense of the user matching can be inverted by
placing a '!' in front of the rule so that

    !root:20/1d

is a rule which would match for all users apart from root. It is
important to treat root as a special case in the user_rule otherwise
excessive attempts to authenticate as root will result in the root
account being locked out even for valid holders of root credentials.

HTH.

Dimitri
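
Added example, not part of the original message or of pam_abl itself: a small Python model of which user_rule clauses end up applying to a given user, following the documentation quoted above. It assumes that '|' separates names inside one clause and that a single leading '!' negates the whole list (so a second '!' is read as part of a name); the user/service form is ignored and the function names are hypothetical.

```python
def parse_user_rule(rule):
    """Split a user_rule value into clauses of (negated, names, triggers)."""
    clauses = []
    for clause in rule.split():              # clauses are separated by spaces
        spec, _, trigs = clause.partition(":")
        negated = spec.startswith("!")       # a leading '!' inverts the match
        names = spec[1:] if negated else spec
        # Assumption: '|' separates names and the one leading '!' covers the
        # whole list, so a second '!' stays part of the name that follows it.
        triggers = [tuple(t.split("/")) for t in trigs.split(",")]
        clauses.append((negated, names.split("|"), triggers))
    return clauses


def applicable_triggers(rule, user):
    """Return every (count, period) trigger that is checked for `user`."""
    out = []
    for negated, names, triggers in parse_user_rule(rule):
        listed = "*" in names or user in names
        if listed != negated:                # plain: listed, '!': not listed
            out.extend(triggers)             # every matching clause is checked
    return out


def exempt(rule, user):
    """A user is exempt only when no clause at all applies to them."""
    return not applicable_triggers(rule, user)


if __name__ == "__main__":
    # Rules taken from the thread, plus one constructed single-clause variant.
    for rule in ("!root|!localacct:5/60d",
                 "!root:5/60d !localacct:5/60d",
                 "!root|localacct:5/60d"):
        for user in ("root", "localacct", "alice"):
            print(f"{rule!r:34} {user:10} exempt={exempt(rule, user)}")
```

Under these assumptions the first rule from the thread exempts only root, the two-clause rule exempts nobody because each account is caught by the other account's clause, and the constructed single-clause form `!root|localacct:5/60d` exempts both accounts.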