Thanks! I finally got it working! I set up UseDNS no in sshd.conf and the auth magically worked. I'm planning to have a radius server, but for now it's already a great security improvement over the current situation without service impacts. thanks again Diego On Wed, 11 Feb 2009 10:05:02 -0700, RB <aoz.syn@xxxxxxxxx> wrote: > On Wed, Feb 11, 2009 at 06:03, bluesman <bluesman@xxxxxxxxxxx> wrote: >> Hi Jon, Thanks for the reply. >> Unfortunately it's not what I exactly need. >> I need to configure restrictions like these: >> - user A is allowed to login only from X.X.X.X >> - user B is allowed to login only from X.X.X.X/MM > > The pam_access module does not resolve hostnames itself; it only uses > whatever PAM_RHOST is set to. Whatever application is being > authenticated against pam_access (SSH? FTP?) is doing the reverse > lookups and setting PAM_RHOST accordingly. Turn off DNS resolution in > that app, and you won't be dealing with hostnames any more. > > When you have large numbers of clients you need to control both source > & destination for, it's often worth the effort to go ahead and > configure a RADIUS server and allow it to handle the N:N mappings. > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
