On Thu, Nov 26, 2015 at 4:49 PM, Tinker <tinkr@xxxxxxxxxxxxxxx> wrote:
> On 2015-11-26 13:33, Darren Tucker wrote:
[...]
>> What is the script going to do?
You didn't answer this.
> How would you do it using bsdauth?
>
> (PAM seems very redundant to install on OBSD.)
You are using OpenBSD or something else?
[...]
>> This sounds a bit like what authpf[1] does. I imagine you could write
>> firewall rules to block outgoing tcp connections from sshd until after
>> authpf runs, if that is an option for you.
>
> (That sounds like a very indirect approach, in particular as it would cover
> only some connections?)
Assuming you write the PF rules to do so you should be able to match
local processes (using "user" rules and the $user_id authpf macro) as
well as connections from the IP address they're logging in as (using
"from" rules and $user_ip macro).
But all of this is speculative because you still have not described
what the objective of this exercise is.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
