OS version:Red Hat Enterprise Linux Server release 6.4
Kernel version:2.6.32-358.el6.x86_64
-------------------------------------------------------------------------
准备工作:
[root@Zhai ~]# groupadd pam_ssh
[root@Zhai ~]# useradd pam_test1 -G pam_ssh
[root@Zhai ~]# useradd pam_test2 -G pam_ssh
[root@Zhai ~]# useradd pam_test3
[root@Zhai ~]# useradd pam_test4
[root@Zhai ~]# useradd pam_test5
验证pam_permit.so:
[root@Zhai ~]# vi /etc/pam.d/sshd
#%PAM-1.0 auth required pam_permit.so account required pam_unix.so session required pam_loginuid.so
验证pam_deny.so:
[root@Zhai ~]# vi /etc/pam.d/sshd
#%PAM-1.0 auth required pam_deny.so account required pam_unix.so session required pam_loginuid.so
验证pam_time.so:
[root@Zhai ~]# vi /etc/pam.d/sshd
#%PAM-1.0 auth required pam_permit.so account required pam_unix.so account required pam_time.so session required pam_loginuid.so
[root@Zhai ~]# vi /etc/security/time.conf
# Add by zhai_kang # The default is to accept # Only 01:00-01:04 Tuesday,Wednesday 00:05-00:08, pam_test3 can't log in via ssh sshd;*;pam_test3;Tu0100-0104 | We0005-0008 # Only 01:00-01:04 Tuesday, pam_test4 can't log in via ssh sshd;*;pam_test4;!Tu0100-0104 # Only 01:00-01:04 Tuesday, pam_test5 can log in via ssh sshd;*;pam_test5;Tu0100-0104
验证pam_echo.so:
[root@Zhai ~]# vi /etc/pam.d/sshd
#%PAM-1.0 auth required pam_permit.so account required pam_unix.so session required pam_echo.so file=/etc/message
[root@Zhai ~]# vi /etc/message
+---------------------------------------------------+ welcome to %h Server Login User: %u Login from: %H +---------------------------------------------------+
验证pam_limits.so:
[root@Zhai ~]# vi /etc/pam.d/sshd
#%PAM-1.0 auth required pam_permit.so account required pam_unix.so session required pam_limits.so debug conf=/etc/security/limits.conf
[root@Zhai ~]# vi /etc/security/limits.conf
pam_test3 - maxlogins 2
[root@Zhai ~]# > /var/log/secure
[root@Zhai ~]# cat /var/log/secure
-------------------------------------------------------------------------
The detailed information:man pam_permit
The detailed information:man pam_deny
The detailed information:man pam_time
The detailed information:man pam_echo
The detailed information:man time.conf
The detailed information:man pam_limits
The detailed information:man limits.conf