Re: Problem with pam_access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks! I finally got it working!
I set up UseDNS no in sshd.conf and the auth magically worked.
I'm planning to have a radius server, but for now it's already a great
security improvement over the current situation without service impacts.
thanks again
Diego

On Wed, 11 Feb 2009 10:05:02 -0700, RB <aoz.syn@xxxxxxxxx> wrote:
> On Wed, Feb 11, 2009 at 06:03, bluesman <bluesman@xxxxxxxxxxx> wrote:
>> Hi Jon, Thanks for the reply.
>> Unfortunately it's not what I exactly need.
>> I need to configure restrictions like these:
>>  - user A is allowed to login only from X.X.X.X
>>  - user B is allowed to login only from X.X.X.X/MM
> 
> The pam_access module does not resolve hostnames itself; it only uses
> whatever PAM_RHOST is set to.  Whatever application is being
> authenticated against pam_access (SSH? FTP?) is doing the reverse
> lookups and setting PAM_RHOST accordingly.  Turn off DNS resolution in
> that app, and you won't be dealing with hostnames any more.
> 
> When you have large numbers of clients you need to control both source
> & destination for, it's often worth the effort to go ahead and
> configure a RADIUS server and allow it to handle the N:N mappings.
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux