Restrict Access to telnet Service
Kaleb Pederson
kpederson at mail.ewu.edu
Thu Jul 7 21:54:45 UTC 2005
Assuming that your telnet server supports pam and that it's correctly
configured, you probably want your config file to look something like:
auth required pam_listfile.so item=user sense=deny file=/etc/ssh/ssh_denied_users onerr=succeed
# stack to go through regular auth mechanism, whatever it is...
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
But, given that it's not linked to pam in any way, it doesn't sound like your
telnet server supports it.
Maybe that helps....
--Kaleb
On Thursday 07 July 2005 2:39 pm, harald.schwier at freenet.de wrote:
> Thanks for your reply.
>
> > > I want to restrict the login via telnet to a user account. All users
> > > should be able to login via sshd, but only one user via in.telnetd. Is
> > > it possible to configure this with pam?
> >
> > You probably want pam_listfile.
>
> I have just read about pam_listfile and it sounds very promising.
> I have created a file /etc/pam.d/telnet with the line:
> account required /lib/security/pam_listfile.so file=/etc/telnet.acl
> item=user sense=allow onerr=fail and a file /etc/telnet.acl with the name
> of the user who should be allowed to use telnet.
>
> But it doesn't work :-(
>
> Is it the wrong configuration file? Or is the configuration wrong?
> Or is Fedora's in.telnetd not using pam?
> ldd /usr/sbin/in.telnetd doesn't say anything about being linked
> to pam.
> Any more ideas?
> Thanks in advance,
> Harald
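The two pam_listfile lines in this thread behave differently when the list file cannot be read: sense=allow with onerr=fail fails closed, while sense=deny with onerr=succeed fails open. The following is an added example, not part of the original messages and not pam_listfile's own code: a small Python model of the item=user decision, using constructed usernames and a temporary file standing in for the list files named above.

```python
import os
import tempfile

PAM_SUCCESS, PAM_AUTH_ERR = "PAM_SUCCESS", "PAM_AUTH_ERR"


def listfile_decision(user, path, sense, onerr):
    """Model of pam_listfile with item=user: one username per line in `path`."""
    try:
        with open(path) as fh:
            listed = {line.rstrip("\n") for line in fh}
    except OSError:
        # The list file cannot be read: the onerr= argument decides the result.
        return PAM_SUCCESS if onerr == "succeed" else PAM_AUTH_ERR
    found = user in listed
    if sense == "allow":
        return PAM_SUCCESS if found else PAM_AUTH_ERR
    # sense=deny: a listed user is rejected, everyone else passes.
    return PAM_AUTH_ERR if found else PAM_SUCCESS


def demo():
    """Run both configurations from the thread on constructed data."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        acl = os.path.join(tmp, "users.list")   # stands in for the list file
        missing = os.path.join(tmp, "absent")   # list file that does not exist
        with open(acl, "w") as fh:
            fh.write("operator\n")              # constructed username

        # Allow-list from the question: sense=allow onerr=fail
        results["allow listed"] = listfile_decision("operator", acl, "allow", "fail")
        results["allow unlisted"] = listfile_decision("alice", acl, "allow", "fail")
        results["allow no file"] = listfile_decision("alice", missing, "allow", "fail")

        # Deny-list from the reply: sense=deny onerr=succeed
        results["deny listed"] = listfile_decision("operator", acl, "deny", "succeed")
        results["deny no file"] = listfile_decision("operator", missing, "deny", "succeed")
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15s} {verdict}")
```

None of this takes effect unless the service that authenticates the login actually calls PAM with a stack containing the line, which is the point both messages arrive at.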