Ben's notes

Linux, Unix, network, radio...


centos_7_prevent_access

Differences

This shows you the differences between two versions of the page.

centos_7_prevent_access [2015/09/14 09:36] – [CentOS 7 - access.conf] admincentos_7_prevent_access [2021/10/09 15:14] (current) – external edit 127.0.0.1
Line 1: Line 1:
 {{tag>[security openldap centos7 access]}} {{tag>[security openldap centos7 access]}}
-~~TOC~~ 
  
 =====CentOS 7 - login access control, access.conf===== =====CentOS 7 - login access control, access.conf=====
 Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using 'su'. Most of the time I see admins preventing or granting access only using SSHd config. For example using the AllowGroups directive. But that is only half the story. If you have a valid user, local or in a remote directory (LDAP), you can still login via the console, over serial, or using 'su'.
  
-To prevent this, you can allow access to only specific groups by configuring it in the /etc/security/access.conf file and modify /etc/pam.d/system-auth.+To prevent this, you can allow access to only specific users, groups and locations by configuring it in the /etc/security/access.conf file and modify /etc/pam.d/system-auth.
  
-  * Add to /etc/security/access.conf:<code># vim /etc/security/access.conf+  * Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig. 
 +  * Add the configuration to **/etc/security/access.conf**. See examples below:<code># vim /etc/security/access.conf
  
 # Everyone in the group sysaccess can login from all locations. # Everyone in the group sysaccess can login from all locations.
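Review bot: The added bullet "Make sure you have the **pam_access.so** module enabled. You can configure this with authconfig." conflicts with the intro sentence changed just above it, which still tells the reader to "modify /etc/pam.d/system-auth". authconfig regenerates the PAM files it manages, so a hand edit can be lost on its next run; pick one method and say so. If authconfig is the intended route, name the option in the bullet (`authconfig --enablepamaccess --update`) and add a check that the module is active, for example `grep pam_access.so /etc/pam.d/system-auth`, since access.conf rules are silently ignored when pam_access.so is not in the stack. Minor wording in the same sentence: "by configuring it ... and modify" should read "and modifying". The new text also promises rules for "users, groups and locations" while the visible example covers only a group, so the examples should include one rule of each kind.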
centos_7_prevent_access.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1