SBDavid
Jun 25th, 2012
Jun 25th, 2012
Using pam deny.so to Quickly Deny Access to a Service
Using pam deny.so to Quickly Deny Access to a Service
In order to deny access to a service SVCNAME via PAM, edit the file /etc/pam.d/SVCNAME . Prepend this line to the beginning of the file:
auth requisite pam_deny.so
Under most circumstances, there are better ways to disable a service than to deny access via PAM. However, this should suffice as a way to quickly make a service unavailable to future users (existing sessions which have already been authenticated, are not affected). The requisite tag tells PAM that, if the named module returns failure, authentication should fail, and PAM should immediately stop processing the configuration file. The pam deny.so module always returns failure regardless of its input.
