- This was on a RHEL 5.9 system that is authenticated via Active Directory. The system uses the latest pam, pam-0.99.6.2.12, and users can no longer ssh into the system. Prior to the update, the system had pam-0.99.6.2-6.el5_5.2.
- The problem does not seem to involve the number of users in the group, as a test was done with only 2 users.
1) Configure system with AD or LDAP and enable pam_listfile in /etc/pam.d/sshd to control login
2) Attempt to log in to the server
3) From /var/log/secure:
    Feb 27 13:51:41 host1 sshd: pam_listfile(sshd:account): Refused user abc for service sshd
    Feb 27 13:51:41 host1 sshd: fatal: Access denied for user abc by PAM account configuration
Representative /etc/pam.d/sshd file:
    #%PAM-1.0
    auth       include      system-auth
    account    required     pam_listfile.so onerr=fail item=group sense=allow file=/etc/security/groups.allow
    account    required     pam_nologin.so
    account    include      system-auth
    password   include      system-auth
    session    optional     pam_keyinit.so force revoke
    session    include      system-auth
    session    required     pam_loginuid.so
- Representative groups.allow file:
    [xyz@host1 pam.d]$ cat ../security/groups.allow
    users
- Red Hat Enterprise Linux 5.9
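
The following script is an added example, not part of the original article. It runs each line of groups.allow through NSS to show whether the group resolves and whether the user is a listed member or has it as primary group, which helps separate a group-resolution problem (AD/LDAP) from a change in pam_listfile itself. The helper names `lookup` and `listfile_group_check`, and the verbatim per-line comparison, are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic example, not from the original article.
# Assumption: an item=group list file holds one group name per line and
# each line is used verbatim (so trailing whitespace changes the name).

# NSS lookup wrapper (hypothetical helper) so answers come from the same
# passwd/group sources (files, LDAP, winbind) that the login path uses.
lookup() { getent "$@"; }

# listfile_group_check USER FILE
# Prints one diagnostic line per list entry.
# Returns 0 if some entry matches USER, 1 if none does, 2 on lookup error.
listfile_group_check() {
    user=$1 file=$2 verdict=1
    pw=$(lookup passwd "$user") || { echo "$user: user not resolvable via NSS"; return 2; }
    pgid=$(printf '%s\n' "$pw" | cut -d: -f4)
    [ -f "$file" ] || { echo "$file: not a regular file"; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if ! gr=$(lookup group "$line"); then
            echo "[$line]: group not resolvable (spelling, trailing space, NSS?)"
            continue
        fi
        gid=$(printf '%s\n' "$gr" | cut -d: -f3)
        members=$(printf '%s\n' "$gr" | cut -d: -f4)
        case ",$members," in
            *",$user,"*)
                echo "[$line]: $user is a listed member"; verdict=0 ;;
            *)
                if [ "$gid" = "$pgid" ]; then
                    echo "[$line]: primary group of $user"; verdict=0
                else
                    echo "[$line]: resolvable, but $user is not a member"
                fi ;;
        esac
    done < "$file"
    return $verdict
}

# Query the live system only when a user name is given on the command line.
if [ "$#" -ge 1 ]; then
    listfile_group_check "$1" "${2:-/etc/security/groups.allow}"
fi
```

Run it as root with the affected user name as the first argument; a "not resolvable" or "not a member" result for every entry points at NSS or directory data rather than at the PAM stack.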