
List:       pam-list
Subject:    Re: Problem with pam_access
From:       bluesman <bluesman () bluesman ! it>
Date:       2009-02-11 19:22:51
Message-ID: 690e1da84ff40f74ebb67c77848ed8ce () localhost


Thanks! I finally got it working!
I set up UseDNS no in sshd.conf and the auth magically worked.
I'm planning to have a radius server, but for now it's already a great
security improvement over the current situation without service impacts.
Thanks again
Diego

On Wed, 11 Feb 2009 10:05:02 -0700, RB <aoz.syn@gmail.com> wrote:
> On Wed, Feb 11, 2009 at 06:03, bluesman <bluesman@bluesman.it> wrote:
>> Hi Jon, Thanks for the reply.
>> Unfortunately it's not what I exactly need.
>> I need to configure restrictions like these:
>>  - user A is allowed to login only from X.X.X.X
>>  - user B is allowed to login only from X.X.X.X/MM
> 
> The pam_access module does not resolve hostnames itself; it only uses
> whatever PAM_RHOST is set to.  Whatever application is being
> authenticated against pam_access (SSH? FTP?) is doing the reverse
> lookups and setting PAM_RHOST accordingly.  Turn off DNS resolution in
> that app, and you won't be dealing with hostnames any more.
> 
> When you have large numbers of clients you need to control both source
> & destination for, it's often worth the effort to go ahead and
> configure a RADIUS server and allow it to handle the N:N mappings.
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
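
The situation RB describes, as an added example that is not part of the original thread: a simplified Python model (not pam_access's own code) of first-match access.conf-style rules compared against PAM_RHOST exactly as the application set it, with no DNS lookup. The user names, addresses and hostname are constructed placeholders, and the rule layout `permission : users : origins` is the only syntax modelled.

```python
import ipaddress

# Constructed rules in access.conf layout: permission : users : origins
RULES = """
+ : usera : 192.0.2.10          # user A only from one address
+ : userb : 198.51.100.0/24     # user B only from one network
- : ALL : ALL                   # everything else is refused
"""

def parse_rules(text):
    """Return a list of (allow, users, origins) tuples, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        rules.append((perm == "+", users.split(), origins.split()))
    return rules

def origin_matches(token, rhost):
    """Compare one origin token with PAM_RHOST as given; never resolves names."""
    if token == "ALL":
        return True
    try:
        net = ipaddress.ip_network(token, strict=False)
    except ValueError:
        # Token is a name: plain text comparison (leading dot = domain suffix).
        t, r = token.lower(), rhost.lower()
        return r.endswith(t) if t.startswith(".") else r == t
    try:
        return ipaddress.ip_address(rhost) in net
    except ValueError:
        return False  # PAM_RHOST holds a hostname, so an address rule cannot match

def is_allowed(user, rhost, rules):
    """First matching rule decides; this model grants access if none matches."""
    for allow, users, origins in rules:
        if ("ALL" in users or user in users) and any(
            origin_matches(o, rhost) for o in origins
        ):
            return allow
    return True

PARSED = parse_rules(RULES)

if __name__ == "__main__":
    # Same client, two values of PAM_RHOST: address (no reverse lookup) vs. name.
    for rhost in ("192.0.2.10", "host10.example.net"):
        print("usera from", rhost, "->", is_allowed("usera", rhost, PARSED))
```

With the application's reverse lookup enabled, the same client arrives as a name, the address rule is skipped and the catch-all deny applies.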
