On Tue, 17 Apr 2007 12:04:37 +0200 Peter Huber <huber@xxxxxxxxx> wrote: > Thanks for that hint. Can you show me your corresponding pam config > files? I have still got some trouble here... I didn't have a winbind example at home but I have work for limiting rsh. # PAM configuration for rsh (SLES 8) auth required pam_rhosts_auth.so no_rhosts auth required pam_nologin.so account required pam_access.so \ accessfile=/etc/security/rsh-access.conf rsh-access.conf is (only members of the petromod group can use rsh from either localhost or the ux0001 host): # /etc/security/rsh-access.conf # RSH access # Last modified: 2005-08-11 # +:petromod:localhost,ux0001 -:ALL:ALL But the succeed_if module is also nice since you don't need a configuration file: # PAM configuration for rsh - /etc/pam.d/rsh # SLES 9 auth required pam_rhosts_auth.so no_rhosts auth required pam_nologin.so auth required pam_succeed_if.so user ingroup petromod The examples can also be found in my PAM book - see http://www.packtpub.com/pluggable-authentication-modules/book /kneth -- Kenneth Geisshirt, Ph.D., M.Sc. - http://kenneth.geisshirt.dk/ "To infinity, and beyond!" -- Buzz Lightyear _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
