pam_abl "whitelist" feature request

Andy Armstrong andy at hexten.net
Thu Oct 27 14:53:41 UTC 2005


On 26 Oct 2005, at 02:17, George Hansper wrote:
> Hi Andy,
>
> I've been using pam_abl at home a bit, and every now
> and again, I hit the problem of my own user-id getting locked
> due to brute-force attacks. (pam_abl in action :-)
>
> In order to regain access, I have to use:
>
>    pam_abl --okuser=myname
>
> The "problem" is that this opens up the userid for
> everyone again, and purges the database of entries
> (so I lose the stats that pam_abl keeps)
>
> What I would like to do, is allow myuser from 127.0.0.1 only, until
> the normal pam_abl criteria expires. ie to have specific
> username/host combinations which are "whitelisted".
>
> Or even hosts that are white-listed: ie.
>     If a login comes from, say 127.0.0.1, and the
>     allow the login regardless of the blocking/non-blocking
>     state of the user.
>
> I haven't looked at how hard/easy this is in the code, but I thought
> I'd mention it as something to consider.

I guess I need to add a whitelist feature... Hmm. I'll add it to the  
list :)

-- 
Andy Armstrong, hexten.net
