I'm running Debian Wheezy and having a rough time getting /etc/security/access.conf changes to apply. Tangentially, I believe there could be an issue with PAM in general as I have been unable to get changes in limits.conf to stick.
My systems are set up to authenticate against an LDAP server. I want to limit the users that can log in to a couple of local users and members of a couple of LDAP groups.
I've added the following to /etc/pam.d/sshd and /etc/pam.d/login:
account required pam_access.so
My access.conf looks like this:
+ : local_user1 local_user2 ldap_group1 ldap_group2 : ALL
- : ALL : ALL
I know this can be accomplished via sshd_config, but it's become a matter of principle at this point. As I mentioned above, I'm wondering if there isn't something going on with PAM.
Best Answer
UsePAM in /etc/ssh/sshd_config is required for sshd to pay attention to PAM settings.
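A diagnostic for the situation in this thread, as an added example that is not part of the original question or answer: it checks both conditions that must hold before sshd consults pam_access.so, namely UsePAM enabled in sshd_config and an active account line in the PAM service file. The function names and sample files are constructed for illustration, and it assumes whitespace-separated `keyword value` lines.

```shell
# Added example: checks the two settings sshd needs before pam_access.so
# (and so /etc/security/access.conf) is consulted. Function names are made up.

# Print the global UsePAM value in an sshd_config file. sshd uses the first
# occurrence of a keyword, keywords are case-insensitive, and OpenSSH's
# built-in default is "no". Simplification: Include files are not followed.
usepam_value() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == "usepam" { print $2; found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Succeed if a PAM service file has an active account-stack pam_access.so
# line. Simplification: @include lines are not followed.
has_pam_access() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "account" { for (i = 3; i <= NF; i++) if ($i ~ /(^|\/)pam_access\.so$/) ok = 1 }
        END { exit ok ? 0 : 1 }
    ' "$1"
}

# Args: sshd_config path, PAM service file path. Returns 0 only if both hold.
check_sshd_pam_access() {
    rc=0
    if [ "$(usepam_value "$1")" != "yes" ]; then
        echo "FAIL: UsePAM is not 'yes' in $1; sshd will not run the PAM account stack"
        rc=1
    fi
    if ! has_pam_access "$2"; then
        echo "FAIL: no active 'account ... pam_access.so' line in $2"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: sshd will consult pam_access"
    return "$rc"
}

# Constructed sample files: the PAM line from the question, UsePAM not enabled.
demo=$(mktemp -d)
printf '%s\n' 'Port 22' '#UsePAM yes' > "$demo/sshd_config"
echo 'account required pam_access.so' > "$demo/pam_sshd"
check_sshd_pam_access "$demo/sshd_config" "$demo/pam_sshd" || true
echo 'UsePAM yes' >> "$demo/sshd_config"
check_sshd_pam_access "$demo/sshd_config" "$demo/pam_sshd"
rm -rf "$demo"
```

On a live host, `sshd -T` run as root prints the effective configuration, and sshd has to be restarted before a change to sshd_config takes effect.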