Date:      Tue, 5 Apr 2011 15:23:00 -0400
From:      Dimitri Yioulos <dyioulos@firstbhph.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Help with pam_abl package
Message-ID:  <201104051523.02567.dyioulos@firstbhph.com>
In-Reply-To: <BANLkTinWoCaJtBPdcujQFALbSBTGiY+iYQ@mail.gmail.com>
References:  <BANLkTinWoCaJtBPdcujQFALbSBTGiY+iYQ@mail.gmail.com>

On Tuesday 05 April 2011 12:22:54 pm Phusion wrote:
> I'm having a problem with the pam_abl package.
> I've already emailed the program's author, but
> didn't get a reply back. I'm having trouble
> setting up a rule to exclude two users. One user
> is the root user while the other is a local
> account. I've tried multiple things, but they
> don't seem to work. The rules seem to only not
> include the root user.
>
> This does exclude the root user, but not the
> localacct user.
>
> #debug
> user_db=/var/db/pam_abl/users.db
> user_rule=!root|!localacct:5/60d
>
> This next one doesn't seem to work either.
>
> #debug
> user_db=/var/db/pam_abl/users.db
> user_rule=!root:5/60d !localacct:5/60d
>
> Please advise.
>
> Phusion


You might want to try the following (from the 
pam_abl documentation):


Multiple rules can be provided separated by spaces 
like this

*:10/1h root:5/1h,10/1d

in which case all rules that match a particular 
user and service will be checked. The user or 
host will be blocked if any of the rule triggers 
matches. The sense of the user matching can be 
inverted by placing a '!' in front of the rule so 
that

!root:20/1d

is a rule which would match for all users apart 
from root. It is important to treat root as a 
special case in the user_rule otherwise excessive 
attempts to authenticate as root will result in 
the root account being locked out even for valid 
holders of root credentials.


HTH.

Dimitri
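
The rule semantics quoted above, modelled in Python as an added example (not part of the original message and not pam_abl's own code), applied to the two rules from the question and to a single inverted rule. It assumes that names within one rule are separated by '|', that one leading '!' inverts the whole name list, that a period without a unit is in seconds, and that a trigger fires once the failure count is reached; all function names are hypothetical.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rules(text):
    """Split a user_rule value into (negated, names, triggers) tuples."""
    rules = []
    for clause in text.split():                # rules are separated by spaces
        spec, _, trig = clause.partition(":")
        negated = spec.startswith("!")         # assumption: '!' covers the whole list
        names = (spec[1:] if negated else spec).split("|")
        triggers = []
        for item in trig.split(","):
            count, period = item.split("/")
            m = re.fullmatch(r"(\d+)([smhd]?)", period)
            # assumption: a bare number is a period in seconds
            triggers.append((int(count), int(m.group(1)) * UNITS.get(m.group(2), 1)))
        rules.append((negated, names, triggers))
    return rules

def rule_matches(rule, user):
    negated, names, _ = rule
    hit = "*" in names or user in names
    return hit != negated                      # '!' inverts the sense of the match

def covered_users(text, users):
    """Users that at least one rule applies to, i.e. users that can be blocked."""
    rules = parse_rules(text)
    return [u for u in users if any(rule_matches(r, u) for r in rules)]

def blocked(text, user, failure_times, now):
    """Blocked if any trigger of any matching rule is reached (assumption: >=)."""
    for rule in parse_rules(text):
        if not rule_matches(rule, user):
            continue
        for count, seconds in rule[2]:
            if sum(1 for t in failure_times if now - t <= seconds) >= count:
                return True
    return False

if __name__ == "__main__":
    users = ["root", "localacct", "alice"]     # constructed sample accounts
    for rule in ("!root|!localacct:5/60d",        # first attempt from the question
                 "!root:5/60d !localacct:5/60d",  # second attempt from the question
                 "!root|localacct:5/60d"):        # one '!' in front of the whole rule
        print(f"{rule!r:34} applies to {covered_users(rule, users)}")
```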
