pam_access.so user&hostname based access problems.
Sysadmin
sysadmin at e-positive.ee
Wed Apr 12 15:09:09 UTC 2006
Hello.
I have a firewall-protected network in which a mailserver
(dovecot/postfix) also runs, and every local user with an account can access
it. Now I have some privileged users who also need access from
outside, through the firewall, so I am trying to make this happen with PAM, but
can't figure out how to do it with a pair of rules, something like:
let the group1 members access mailserver from 0.0.0.0/0
let the group2 members access mailserver from 172.0.0.0/24
group1 members are also members of group2 and logically group1 members
should access mailserver from every network, including
172.0.0.0/24 and group1 members should access mailserver only from
172.0.0.0/24 network.
/etc/pam.d/dovecot.pam includes:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
account required pam_access.so
/etc/security/access.conf includes:
+:ALL group1:0.0.
+:ALL group2:172.0.
-:ALL:ALL
Tried also:
-:ALL EXCEPT group1:0.0.
+:ALL group2:172.0.
And:
+:group1:0.0.
+:group2:172.0.
-:ALL:ALL
Somehow I just can't get this pair of rules to work this way. Can someone
please tell me whether this is even possible? Or maybe someone has made some
special module for this?
--
Sysadmin
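
An added illustration, not part of the original post and not Linux-PAM code: a simplified Python model of how pam_access reads access.conf (the first matching line decides, an origin ending in "." is compared as a string prefix, ALL matches anything), run against the first rule set from the post and one candidate rewrite. The user names, group membership and client addresses are constructed, and the CANDIDATE rules are an assumption to verify on the real system.

```python
# Simplified model of pam_access evaluation; not the module's real code.
# Constructed sample data: alice is in both groups, bob only in group2,
# carol in neither.
GROUPS = {"group1": {"alice"}, "group2": {"alice", "bob"}}

def tok_user(tok, user):
    # A token matches as ALL, as a login name, or as a group the user is in.
    return tok == "ALL" or tok == user or user in GROUPS.get(tok, ())

def tok_origin(tok, addr):
    if tok == "ALL":
        return True
    if tok.endswith("."):            # network number: plain prefix compare
        return addr.startswith(tok)
    return tok == addr

def list_match(field, item, tok_match):
    # A field is a space-separated list; "A EXCEPT B" means in A and not in B.
    toks = field.split()
    if "EXCEPT" in toks:
        i = toks.index("EXCEPT")
        rest = " ".join(toks[i + 1:])
        return (any(tok_match(t, item) for t in toks[:i])
                and not list_match(rest, item, tok_match))
    return any(tok_match(t, item) for t in toks)

def decide(rules, user, addr):
    for line in rules:
        perm, users, origins = (f.strip() for f in line.split(":"))
        if (list_match(users, user, tok_user)
                and list_match(origins, addr, tok_origin)):
            return perm == "+"       # first matching line wins
    return True                      # no line matched: access is granted

# First rule set from the post. "ALL group1" is a list, so ALL already
# matches every user, and "0.0." only matches addresses that start with 0.0.
POSTED = ["+:ALL group1:0.0.", "+:ALL group2:172.0.", "-:ALL:ALL"]

# Candidate rewrite (assumption): group1 from anywhere, group2 only from
# addresses starting with 172.0.0. (the /24 named in the post).
CANDIDATE = ["+:group1:ALL", "+:group2:172.0.0.", "-:ALL:ALL"]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("candidate", CANDIDATE)):
        for user, addr in (("alice", "203.0.113.7"), ("bob", "203.0.113.7"),
                           ("bob", "172.0.0.9"), ("carol", "172.0.0.9")):
            print(name, user, addr, "allow" if decide(rules, user, addr) else "deny")
```

In this model the posted rules deny alice from 203.0.113.7 and admit carol from 172.0.0.9, because ALL in the user field matches everyone and the only origins accepted are the two literal prefixes.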