9.1.10.4. Least PrivilegeΒΆ
SIMP uses the access conf file to identify which accounts can login to a system.
After all other identification and authentication checks have passed, the pam
access.conf file is checked to ensure the user is allowed to login. SIMP
allows root
and the administrators
group to login to all systems and the
simp
user to login to the Puppet Server. All other users must be
explicitly added to the access.conf
file using the SIMP pam module.
References: AC-6 : LEAST PRIVILEGE