PAM loginuid restriction removal

PAM loginuid restriction removal is a configuration step often required when containerizing applications that utilize the SSH daemon. It ensures that the SSH service can function correctly within environments, such as Docker containers, where the standard Linux auditing subsystem may be unavailable or inappropriate.^[600-developer-docker-dockerfile-docker-ssh.md]

Implementation

In a Dockerfile, this restriction is typically removed by modifying the /etc/pam.d/sshd configuration file using the sed command.^[600-developer-docker-dockerfile-docker-ssh.md] The specific operation involves commenting out the line that requires the pam_loginuid.so module.^[600-developer-docker-dockerfile-docker-ssh.md]

The command generally used is shown here with a whitespace-tolerant pattern, so that it matches however the fields in the file are spaced:

sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd

This configuration change is a standard practice in setting up SSHD within containers to prevent login failures caused by PAM session restrictions.^[600-developer-docker-dockerfile-docker-ssh.md]
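The sed line above exits successfully even when its pattern matches nothing, so an image can be built with the restriction still active. The following is an added example, not code from the original page: a hypothetical helper (disable_pam_loginuid, with a constructed sample file standing in for /etc/pam.d/sshd) that comments the line out, is safe to run twice, and returns non-zero when the result cannot be verified.

```shell
# Added example (hypothetical helper, not from the original page).
# disable_pam_loginuid FILE
#   0 = no active pam_loginuid line remains, 1 = FILE missing,
#   2 = FILE never mentions pam_loginuid (wrong file or changed layout)
disable_pam_loginuid() {
    pam_file=$1
    [ -f "$pam_file" ] || { echo "missing: $pam_file" >&2; return 1; }
    # Any run of spaces or tabs may separate the three fields.
    pat='^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so'
    if grep -Eq "$pat" "$pam_file"; then
        sed -ri "s/$pat/#&/" "$pam_file"
    elif ! grep -Eq '^[[:space:]]*#.*pam_loginuid\.so' "$pam_file"; then
        echo "no pam_loginuid line in $pam_file" >&2
        return 2
    fi
    # Verify the outcome instead of trusting sed's exit status.
    ! grep -Eq "$pat" "$pam_file"
}

# Constructed sample input standing in for /etc/pam.d/sshd.
make_sample_pam() {
    sample=$(mktemp)
    printf '%s\n' \
        '@include common-auth' \
        'session    required     pam_loginuid.so' \
        'session    optional     pam_keyinit.so force revoke' > "$sample"
    echo "$sample"
}

demo=$(make_sample_pam)
disable_pam_loginuid "$demo" && cat "$demo"
rm -f "$demo"
```

pam_loginuid sets the login UID that the audit subsystem uses to attribute a session, so with the line commented out SSH sessions in the container carry no audit login UID. Apply the change only to the container image's own PAM file.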

Sources

^[600-developer-docker-dockerfile-docker-ssh.md]