SLAC CPE Software Engineering Group
Stanford Linear Accelerator Center
System Admin

LCLS Server Access







PAM stands for Pluggable Authentication Modules. It is a system, incorporated in most Linux distributions, that gives you fine-grained control over how users are authenticated.

We use one of the modules, namely,, to restrict login access on Linux hosts on the CA network.

Configuration is set per service in individual files located in /etc/pam.d; the name of the file is the name of the service, e.g. sshd in this case.

The in /lib/security is the program that enforces the rules.

Some of the modules have additional configuration files in /etc/security.

The /etc/security/access.conf file can be used to greatly restrict who can log in from where.

Take lcls-daemon1 for example:

  • Configure /etc/pam.d/sshd
    • on lcls-daemon1
    • cd /etc/pam.d
    • cp sshd sshd.dist
    • chmod u-w sshd.dist
    • vi sshd and append the following entry
      • # add login restrictions (access.conf)
      • account required
  • Configure /etc/security
    • cd /etc/security
    • cp access.conf access.conf.dist
    • chmod u-w access.conf.dist
    • vi access.conf and append the following entry
      • # Only allow root laci uwd jingchen brobeck divekar to login from anywhere
      • -:ALL EXCEPT root laci uwd jingchen brobeck divekar:ALL
  • Test login and monitor the login access
    • tail -f /var/log/messages



auth required
auth include password-auth
account required
#account include password-auth
password include password-auth
# close should be the first session rule
#session required close

session required
# open should only be followed by sessions to be executed in the user context
#session required open env_params

session optional force revoke
session include password-auth
account required



# Only allow root uwd jingchen brobeck divekar to login
-:ALL EXCEPT root uwd jingchen brobeck divekar:ALL
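
The access.conf rule format shown above, as an added example that is not part of the original page: a simplified Python evaluator that can be run against a draft access.conf before it is installed, to confirm which accounts would still be admitted. It follows the access.conf(5) semantics (the first matching entry decides; no match grants access) but handles only plain user names, ALL and EXCEPT; the function names and the origin host.example are assumptions made for the example.

```python
# Added example (not SLAC's code): simplified evaluator for access.conf rules.
# Handles only plain user names, ALL and EXCEPT; groups, netgroups,
# LOCAL and network/host patterns are deliberately out of scope.

# Constructed sample: the first rule shown on this page.
SAMPLE_CONF = """\
# Only allow root laci uwd jingchen brobeck divekar to login from anywhere
-:ALL EXCEPT root laci uwd jingchen brobeck divekar:ALL
"""


def list_match(field, item):
    """Return True if item matches an 'a b ALL EXCEPT c d' style list."""
    tokens = field.split()
    if "EXCEPT" in tokens:
        idx = tokens.index("EXCEPT")
        include, exclude = tokens[:idx], " ".join(tokens[idx + 1:])
    else:
        include, exclude = tokens, ""
    hit = any(tok == "ALL" or tok == item for tok in include)
    # A match before EXCEPT is cancelled if the item is in the exception list.
    return hit and not (exclude and list_match(exclude, item))


def parse_rules(text):
    """Yield (permission, users, origins) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (part.strip() for part in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in: {raw!r}")
        yield perm, users, origins


def login_allowed(conf_text, user, origin):
    """First matching rule decides; no matching rule means access granted."""
    for perm, users, origins in parse_rules(conf_text):
        if list_match(users, user) and list_match(origins, origin):
            return perm == "+"
    return True


def locked_out(conf_text, must_keep, origin):
    """Accounts from must_keep that the rules would deny (lockout check)."""
    return [u for u in must_keep if not login_allowed(conf_text, u, origin)]
```

Running locked_out() with the list of administrators who must retain access, while an existing root session is still open, catches a rule that would shut them out before the change takes effect.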



Created by: Jingchen Zhou, 27-Aug-2003