pam_abl "whitelist" feature request
George Hansper
george-lists at anstat.com.au
Wed Oct 26 01:17:33 UTC 2005
Hi Andy,
I've been using pam_abl at home a bit, and every now
and again, I hit the problem of my own user-id gets locked
due to brute-force attacks. (pam_abl in action :-)
In order to regain access, I have to use:
pam_abl --okuser=myname
The "problem" is that this opens up the userid for
everyone again, and purges the database of entries
(so I lose the stats that pam_abl keeps)
What I would like to do, is allow myuser from 127.0.0.1 only, until
the normal pam_abl criteria expires. ie to have specific
username/host combinations which are "whitelisted".
Or even hosts that are white-listed: ie.
If a login comes from, say 127.0.0.1, and the
allow the login regardless of the blocking/non-blocking
state of the user.
I haven't looked at how hard/easy this is in the code, but I thought
I'd mention is as something to consider.
Regards,
George Hansper
More information about the Pam-list
mailing list