Restrict Access to telnet Service

Kaleb Pederson kpederson at mail.ewu.edu
Thu Jul 7 21:54:45 UTC 2005


Assuming that your telnet server supports pam and that it's correctly 
configured, you probably want your config file to look something like:

auth       required     pam_listfile.so item=user sense=deny 
file=/etc/ssh/ssh_denied_users onerr=succeed
# stack to go through regular auth mechanism, whatever it is...
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

But, given that it's not linked to pam in any way, it doesn't sound like your 
telnet server supports it.

Maybe that helps....

--Kaleb

On Thursday 07 July 2005 2:39 pm, harald.schwier at freenet.de wrote:
> Thanks for your reply.
>
> > > i want to restrict the login via telnet to an user account. All users
> > > should be able to login via sshd, but only one user via in.telnetd. Is
> > > it possible to configure this with pam?
> >
> > You probably want pam_listfile.
>
> I have just read about pam_listfile and it sounds very promissing.
> I have created a file /etc/pam.d/telnet with the line:
>    account required /lib/security/pam_listfile.so file=/etc/telnet.acl
> item=user sense=allow onerr=fail and a file /etc/telnet.acl with the name
> og the user who should be allowed to use telnet.
>
> But it doesen't work :-(
>
> Is it the wrong configuration file? Or ist the configuration wrong?
> Or is Fedoras in.telnetd not using pam?
> ldd /usr/sbin/in.telnetd dosen't say anything about being linkt
> to pam.
> Any more ideas?
> Thanks in advanced,
> Harald
>
>
>
> .
>
>
>
> .
>
>
> .
>
> .
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list




More information about the Pam-list mailing list