List: pam-list
Subject: Re: Problem with pam_access
From: bluesman <bluesman () bluesman ! it>
Date: 2009-02-11 19:22:51
Message-ID: 690e1da84ff40f74ebb67c77848ed8ce () localhost
Thanks! I finally got it working!
I set up UseDNS no in sshd.conf and the auth magically worked.
I'm planning to have a radius server, but for now it's already a great
security improvement over the current situation without service impacts.
Thanks again,
Diego
On Wed, 11 Feb 2009 10:05:02 -0700, RB <aoz.syn@gmail.com> wrote:
> On Wed, Feb 11, 2009 at 06:03, bluesman <bluesman@bluesman.it> wrote:
>> Hi Jon, Thanks for the reply.
>> Unfortunately it's not what I exactly need.
>> I need to configure restrictions like these:
>> - user A is allowed to login only from X.X.X.X
>> - user B is allowed to login only from X.X.X.X/MM
>
> The pam_access module does not resolve hostnames itself; it only uses
> whatever PAM_RHOST is set to. Whatever application is being
> authenticated against pam_access (SSH? FTP?) is doing the reverse
> lookups and setting PAM_RHOST accordingly. Turn off DNS resolution in
> that app, and you won't be dealing with hostnames any more.
>
> When you have large numbers of clients you need to control both source
> & destination for, it's often worth the effort to go ahead and
> configure a RADIUS server and allow it to handle the N:N mappings.
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
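An added example, not part of the original messages: a small audit that flags pam_access rules whose origin is an address or network while sshd is not set to `UseDNS no`, the situation resolved in this thread. The sample configs, user names and addresses are constructed, and treating an unset `UseDNS` as resolving is an assumption.

```python
import ipaddress

# Constructed sample inputs (not from the thread); addresses are documentation ranges.
SSHD_CONFIG = """\
Port 22
UsePAM yes
#UseDNS no
"""
ACCESS_CONF = """\
# permission : users : origins
+ : usera : 192.0.2.10
+ : userb : 198.51.100.0/24
+ : ops : bastion.example.org
- : ALL : ALL
"""

def usedns_disabled(sshd_text):
    """True only if an uncommented 'UseDNS no' is the first UseDNS value sshd would read."""
    for line in sshd_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "usedns":
            return parts[1].lower() == "no"
    return False  # assumption: an unset UseDNS is treated as possibly resolving

def is_address(token):
    """True for an IPv4/IPv6 address or an address/mask origin."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def address_rules(access_text):
    """Return (lineno, users, origin) for each origin written as an address or network."""
    found = []
    for n, line in enumerate(access_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first two colons only, so IPv6 origins stay intact.
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3:
            continue
        found += [(n, fields[1], o) for o in fields[2].split() if is_address(o)]
    return found

def audit(sshd_text, access_text):
    """Address rules that need PAM_RHOST to be an IP while sshd may hand PAM a hostname."""
    return [] if usedns_disabled(sshd_text) else address_rules(access_text)
```

Each tuple returned by `audit` is an access.conf line that will only match reliably once the daemon stops replacing the client address with a reverse-resolved name.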