pam_permit.so…pam_deny.so…pam_time.so…pam_echo.so…pam_limits.so

OS version: Red Hat Enterprise Linux Server release 6.4

Kernel version: 2.6.32-358.el6.x86_64

-------------------------------------------------------------------------

Preparation:

[root@Zhai ~]# groupadd pam_ssh

[root@Zhai ~]# useradd pam_test1 -G pam_ssh

[root@Zhai ~]# useradd pam_test2 -G pam_ssh

[root@Zhai ~]# useradd pam_test3

[root@Zhai ~]# useradd pam_test4

[root@Zhai ~]# useradd pam_test5

Verify pam_permit.so:

[root@Zhai ~]# vi /etc/pam.d/sshd

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_unix.so
session         required        pam_loginuid.so      

Verify pam_deny.so:

#%PAM-1.0
auth            required        pam_deny.so
account         required        pam_unix.so
session         required        pam_loginuid.so      

Verify pam_time.so:

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_unix.so
account         required        pam_time.so
session         required        pam_loginuid.so      

[root@Zhai ~]# vi /etc/security/time.conf

# Added by zhai_kang
# The default is to accept
# pam_test3 can log in via ssh only Tuesday 01:00-01:04 or Wednesday 00:05-00:08
sshd;*;pam_test3;Tu0100-0104 | We0005-0008
# pam_test4 can't log in via ssh Tuesday 01:00-01:04 (allowed at all other times)
sshd;*;pam_test4;!Tu0100-0104
# pam_test5 can log in via ssh only Tuesday 01:00-01:04
sshd;*;pam_test5;Tu0100-0104
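
How pam_time applies the three rules above, as an added example (not code from the original post or from Linux-PAM): a simplified Python model that evaluates the times field for a given moment. The function names are hypothetical, and it assumes exact or `*` matches for service and user, ignores the tty field, and handles same-day ranges only.

```python
from datetime import datetime

# Constructed copy of the three rules from the time.conf above.
TIME_CONF = """\
sshd;*;pam_test3;Tu0100-0104 | We0005-0008
sshd;*;pam_test4;!Tu0100-0104
sshd;*;pam_test5;Tu0100-0104
"""

# Day codes from time.conf(5); weekday() numbering, Monday = 0.
DAYS = {"Mo": {0}, "Tu": {1}, "We": {2}, "Th": {3}, "Fr": {4}, "Sa": {5},
        "Su": {6}, "Wk": {0, 1, 2, 3, 4}, "Wd": {5, 6}, "Al": set(range(7))}

def in_range(spec, now):
    """One entry such as Tu0100-0104 (same-day ranges only, end exclusive)."""
    days = set()
    while spec[:2] in DAYS:
        days ^= DAYS[spec[:2]]  # repeated day codes toggle: MoWk = Tu..Fr
        spec = spec[2:]
    start, end = spec.split("-")
    return now.weekday() in days and start <= now.strftime("%H%M") < end

def time_ok(expr, now):
    """Evaluate the times field left to right: '!' negates, '&' / '|' combine."""
    result, op = None, None
    for tok in expr.replace("|", " | ").replace("&", " & ").split():
        if tok in ("|", "&"):
            op = tok
            continue
        val = in_range(tok.lstrip("!"), now) != tok.startswith("!")
        if op is None:
            result = val
        else:
            result = (result or val) if op == "|" else (result and val)
    return bool(result)

def allowed(service, user, now, conf=TIME_CONF):
    """Default is accept; a matching rule whose times field fails denies."""
    for line in conf.splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        svc, _tty, usr, times = (f.strip() for f in line.split(";"))
        if svc in ("*", service) and usr in ("*", user) and not time_ok(times, now):
            return False
    return True

if __name__ == "__main__":
    tuesday_0102 = datetime(2024, 1, 2, 1, 2)  # constructed sample time, a Tuesday
    for u in ("pam_test3", "pam_test4", "pam_test5"):
        print(u, "allowed" if allowed("sshd", u, tuesday_0102) else "denied")
```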

Verify pam_echo.so:

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_unix.so
session         required        pam_echo.so file=/etc/message      

[root@Zhai ~]# vi /etc/message

+---------------------------------------------------+
                welcome to %h Server
                Login User: %u
                Login from: %H
+---------------------------------------------------+      

Verify pam_limits.so:

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_unix.so
session         required        pam_limits.so debug conf=/etc/security/limits.conf      

[root@Zhai ~]# vi /etc/security/limits.conf

pam_test3       -       maxlogins       2      

[root@Zhai ~]# > /var/log/secure

[root@Zhai ~]# cat /var/log/secure

For details: man pam_permit

For details: man pam_deny

For details: man pam_time

For details: man pam_echo

For details: man time.conf

For details: man pam_limits

For details: man limits.conf