I have a cvs server for our local user community which uses ssh key-based authentication for read/write access to the cvs repository. We also use ssh + pam on the system to allow the administrators to log in. pam_access.so and access.conf is used in /etc/pam.d/sshd to restrict this list of administrators. Since cvs is using ssh as a transport, this is also restricting the users who have access via cvs. Unfortunately, the list of administrators is different from the list of cvs users. Ultimately we want to allow ssh logins with a shell for administrators only, and ssh access via cvs (but no login shell) to cvs users only. Setting the user shells to /sbin/nologin is not an option because the user accounts are coming from ldap. How can I configure pam to use two separate access.conf files, one for admin ssh access and one for cvs ssh access? Or is there an alternate way of accomplishing this? --Mike
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
