In this task, you limit access to the console to particular users. The /etc/pam.d/login configuration file controls console login.
Before You Begin
You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
    # cd /etc/pam.d
    # cp login login.orig
    # pfedit login

    ## Account management for login(1) incorporates pam_list(5)
    ## Restricts who can log in on the console to the users and netgroups
    ## that are listed in the /etc/users.allow file
    account requisite     pam_roles.so.1
    account definitive    pam_user_policy.so.1
    account required      pam_unix_account.so.1
    account required      pam_list.so.1 allow=/etc/users.allow
    account required      pam_tsol_account.so.1

    # cd /etc
    # touch users.allow ; chmod 644 users.allow

    ## permitted console logins
    jdoe
Netgroups are groups that are centrally defined in LDAP or NIS and have user members. Members of a listed netgroup will be able to log in to this particular system on the console.
    ## permitted console logins
    jdoe
    @alladmins
For more information, see the netgroup(4) and pam_list(5) man pages.
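The following check is an added example, not part of the Oracle documentation. It audits the result of the procedure above: it confirms that an uncommented pam_list.so.1 line with allow= is in the account stack, that the allow file exists and is not writable by group or other, and it lists the permitted users and netgroups. The function names, return codes and the optional second argument are assumptions made for this example; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the console allow-list setup (function names are hypothetical).

# Print the allow= path from the active account-stack pam_list.so.1 line in PAM file $1.
# Commented-out lines never match because their first field is not "account".
allow_path() {
    awk '$1 == "account" && $3 ~ /pam_list\.so\.1$/ {
             for (i = 4; i <= NF; i++)
                 if ($i ~ /^allow=/) { print substr($i, 7); exit }
         }' "$1"
}

# Print each entry of allow file $1 as "user NAME" or "netgroup NAME".
allow_entries() {
    awk '/^[ \t]*(#|$)/ { next }
         $1 ~ /^@/ { print "netgroup", substr($1, 2); next }
         { print "user", $1 }' "$1"
}

# Audit PAM file $1. $2 optionally overrides the allow file location so that
# copies can be checked offline. Returns 0 and prints the entries when sound.
check_console_allow() {
    list=$(allow_path "$1")
    [ -n "$list" ] || { echo "no active pam_list allow= line in $1" >&2; return 1; }
    list=${2:-$list}
    [ -f "$list" ] || { echo "$list does not exist" >&2; return 2; }
    [ -z "$(find "$list" -prune \( -perm -020 -o -perm -002 \))" ] ||
        { echo "$list is writable by group or other" >&2; return 3; }
    [ -n "$(allow_entries "$list")" ] ||
        { echo "$list lists no users or netgroups" >&2; return 4; }
    allow_entries "$list"
}

# Constructed sample files matching the procedure above, checked in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '## Account management for login(1) incorporates pam_list(5)' \
        'account requisite pam_roles.so.1' \
        'account required pam_unix_account.so.1' \
        'account required pam_list.so.1 allow=/etc/users.allow' > "$d/login"
    printf '%s\n' '## permitted console logins' 'jdoe' '@alladmins' > "$d/users.allow"
    chmod 644 "$d/users.allow"
    check_console_allow "$d/login" "$d/users.allow"; rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

On a configured system, run `check_console_allow /etc/pam.d/login` before logging out of the root session, so that a missing or empty allow file is caught while console access is still available.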