[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Multiple trusted hosts setups


The FTP server that's listed on the the links on your page is not
accepting anonymous ("login denied"), is there another place to
download your pam_netgroups module?


"Thomas M. Payerle" wrote:
> >  I am trying to set up a subnet with different sets of trusted hosts,
> >  i.e., the trusted hosts lists are different for the various groups
> >  allowing us to decide which machines have access to other machines
> >  via these trusted hosts lists. For example:
> >  ...
> >  on-line, or can someone forward me some clues on the setting up of
> >  PAM's files for r* commands for the multiple trusted host maps? Or
> >  even a way to bypass PAM and use the old somewhat-reliable
> >  authentication of UNIX days gone by?
> >
> The pam_netgroups module might be of help if I understand you correctly.
> (See http://www2.physics.umd.edu/~payerle/Software/PAM/)
> You can set it up to succeed if the remote host (as given by PAM_RHOST
> variable) belongs to a NIS netgroup listed in some file.  The files listing
> the netgroups will have to be managed on a per machine basis.
> The biggest problem I would see is that the pam_netgroups module is designed
> as a session_management module, not an authentication module (as it really
> doesn't authenticate, just checks authorization).  I am not sure where the
> PAM_RHOST variable gets set normally (if that is done automatically by PAM,
> or if an authentication module is supposed to do that).  If you intend to
> grant access to anyone from machineA without any authentication (e.g. the
> "somewhat-reliable authentication of Unix days gone by" of rsh + .rhosts),
> you could do something like pam_success for authorization followed by
> pam_netgroups for session_management.  _I_ WOULDN'T be comfortable with
> such, but then I'm not comfortable with .rhosts either.
> Tom Payerle
> Dept of Physics                         payerle@physics.umd.edu
> University of Maryland                  (301) 405-6973
> College Park, MD 20742-4111             Fax: (301) 314-9525
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list

Kevin Freels, Systems Administrator        415/553.8000 (w)
Wild Brain                                 415/850.3273 (c)
2650 18th Street, San Francisco, CA 94141  415/553.8009 (f)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []