[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_abl "whitelist" feature request



On 26 Oct 2005, at 02:17, George Hansper wrote:
Hi Andy,

I've been using pam_abl at home a bit, and every now
and again, I hit the problem of my own user-id gets locked
due to brute-force attacks. (pam_abl in action :-)

In order to regain access, I have to use:

   pam_abl --okuser=myname

The "problem" is that this opens up the userid for
everyone again, and purges the database of entries
(so I lose the stats that pam_abl keeps)

What I would like to do, is allow myuser from 127.0.0.1 only, until
the normal pam_abl criteria expires. ie to have specific
username/host combinations which are "whitelisted".

Or even hosts that are white-listed: ie.
    If a login comes from, say 127.0.0.1, and the
    allow the login regardless of the blocking/non-blocking
    state of the user.

I haven't looked at how hard/easy this is in the code, but I thought
I'd mention is as something to consider.

I guess I need to add a whitelist feature... Hmm. I'll add it to the list :)

--
Andy Armstrong, hexten.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]