What are user jzyc's uid and gid on the system? I'm no Linux PAM guru, but : "auth requisite pam_succeed_if.so uid >= 1000" and "account sufficient pam_succeed_if.so uid < 1000 quiet"
seem to be in contradiction with each other, and being in /etc/pam.d/zeppelin, it wouldn't affect ssh. Cheers! -sam On Mon, May 24, 2021, 03:25 igyu <i...@21cn.com> wrote: > I copy shiro.ini.template to shiro.ini > > modify shiro.ini > > > > #[users] > > #admin = password1, admin > > #user1 = password2, role1, role2 > > #user2 = password3, role3 > > #user3 = password4, role2 > > ……………………………………………………………… > > #A sample PAM configuration > pamRealm=org.apache.zeppelin.realm.PamRealm > pamRealm.service=zeppelin > > > in /etc/pam.d/zeppelin > > #%PAM-1.0 > > #This file is auto-generated. > > #User changes will be destroyed the next time authconfig is run. > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 1000 quiet_success > #auth required pam_deny.so > # > account required pam_unix.so > account sufficient pam_localuser.so > account sufficient pam_succeed_if.so uid < 1000 quiet > account required pam_permit.so > > > > but only "jzyc" user can login, other users get error "The username and > password that you entered don't match." > > I ensure username and passowd is correct. > > > > if I use "pamRealm.service=sshd" > > also only "jzyc" use can login, > > I ensure "read_hive" user can ssh, but "read_hive" can't login zeppelin > > > > ------------------------------ > igyu >
