Re: [CentOS] pam_access not working?




Barry wrote:
> Is there a reverse DNS entry for the machine you are denying yourself from? Try using the ip address instead of the hostname so we can eliminate that from the equation.

OK, good point! I changed the entry in /etc/security/access.conf to

-:mok:beast

(instead of -:mok:10.14.44.104)

> I've just had a play on a test system and I seem to have it working.

... and set up the sshd with UsePAM yes like suggested by Will, and now the setup WORKS!

We _do_ have reverse IP lookup, but perhaps the reverse lookup and the authentication do not agree on whether to use a FQDN or the short form. Anyhow, using the short form works in our setup. So, now that it works, I could test to see what breaks it again, and it is definitely important to have the "UsePAM yes" line in sshd_config.

> [user@client ~]$ ssh -ltestuser 192.168.24.112
> Password:
> Password:
> Password:
> Permission denied (publickey,keyboard-interactive).

I get the same (unfriendly) message. It would be nice to be able to print a message to the user, explaining why access is denied. Otherwise we will have users standing in lines demanding an explanation. I guess it is possible with some sneaky pam engineering, I will look into that next.

Thanks for the help!
Cheers,
Morten

--
Morten Kjeldgaard, Asc. professor, Ph.D.
Department of Molecular Biology, Aarhus University
Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark
Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178
Home +45 86188180 * http://www.bioxray.dk/~mok

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
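
The three things this thread turned on (UsePAM in sshd_config, pam_access in the PAM account stack, and the short versus FQDN form of the host name in access.conf) can be checked together. The following is an added example, not part of the original post and not pam_access's own matching code; the function names, the reverse_lookup callable (for instance a wrapper around socket.gethostbyaddr) and the name beast.example.org are assumptions.

```python
import re

def parse_access_conf(text):
    """Return (permission, users, origins) for each rule in access.conf text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":", 2)]  # origins may hold ':' (IPv6)
        if len(parts) == 3 and parts[0] in ("+", "-"):
            rules.append((parts[0], parts[1].split(), parts[2].split()))
    return rules

def usepam_enabled(sshd_config):
    """sshd keeps the first value it reads for a keyword; absent counts as off here."""
    for line in sshd_config.splitlines():
        m = re.match(r"\s*UsePAM\s+(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1).lower() == "yes"
    return False

def pam_access_in_stack(pam_text):
    """True if an uncommented account line loads pam_access.so.
    Pass the service file together with any files it includes."""
    return any(re.match(r"\s*account\s.*\bpam_access\.so\b", l)
               for l in pam_text.splitlines())

def audit(access_conf, sshd_config, pam_text, client_ip, reverse_lookup):
    """Return findings to review; reverse_lookup(ip) gives a host name or None."""
    findings = []
    if not usepam_enabled(sshd_config):
        findings.append("sshd_config: UsePAM is not yes, so sshd never consults pam_access")
    if not pam_access_in_stack(pam_text):
        findings.append("pam.d: no account line loads pam_access.so")
    name = (reverse_lookup(client_ip) or "").lower()
    for _perm, _users, origins in parse_access_conf(access_conf):
        for origin in (o.lower() for o in origins):
            if name and origin != name and (name.startswith(origin + ".")
                                            or origin.startswith(name + ".")):
                findings.append(f"access.conf: '{origin}' and reverse name '{name}' "
                                "differ only in short/FQDN form")
    return findings

# Constructed sample input: the rule and address are from the post, the rest is made up.
SAMPLE = audit("-:mok:beast", "UsePAM yes", "account required pam_access.so",
               "10.14.44.104", lambda ip: "beast.example.org")
```

A short/FQDN finding is a prompt to test both spellings of the host name, not a verdict that the rule fails.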
