1. Oracle Solaris 11.4 Documentation Update Addendum
  2. Securing the Oracle Solaris Operating System
  3. Managing Authentication in Oracle Solaris 11.4
  4. Restricting Console Access Task Might Fail

Restricting Console Access Task Might Fail

The How to Restrict Who Can Log In to the Console task might not successfully restrict console access because of the order of lines in the /etc/pam.d/login file.

Step 1b incorrectly shows that the pam_list line appears after the pam_user_policy line.

Replace Step 1b in the task with the following content:

b. Add the following entries:

## Account management for login(1) incorporates pam_list(7)
##
## To restrict which users and netgroups are allowed to log in to 
## the console, add these lines below and add those users and 
## netgroups to the /etc/users.allow configuration file.
##
account requisite pam_roles.so.1
account required pam_list.so.1 allow=/etc/users.allow
account definitive pam_user_policy.so.1
account required pam_unix_account.so.1
account required pam_tsol_account.so.1