pam & winbindd
Kenneth Geisshirt
kenneth at geisshirt.dk
Thu Apr 19 08:25:55 UTC 2007
On Tue, 17 Apr 2007 12:04:37 +0200 Peter Huber <huber at uni-wh.de> wrote:
> Thanks for that hint. Can you show me your corresponding pam config
> files? I have still got some trouble here...
I didn't have a winbind example at home but I have work for limiting
rsh.
# PAM configuration for rsh (SLES 8)
auth required pam_rhosts_auth.so no_rhosts
auth required pam_nologin.so
account required pam_access.so \
accessfile=/etc/security/rsh-access.conf
rsh-access.conf is (only members of the petromod group can use rsh
from either localhost or the ux0001 host):
# /etc/security/rsh-access.conf
# RSH access
# Last modified: 2005-08-11
#
+:petromod:localhost,ux0001
-:ALL:ALL
But the succeed_if module is also nice since you don't need a
configuration file:
# PAM configuration for rsh - /etc/pam.d/rsh
# SLES 9
auth required pam_rhosts_auth.so no_rhosts
auth required pam_nologin.so
auth required pam_succeed_if.so user ingroup petromod
The examples can also be found in my PAM book - see
http://www.packtpub.com/pluggable-authentication-modules/book
/kneth
--
Kenneth Geisshirt, Ph.D., M.Sc. - http://kenneth.geisshirt.dk/
"To infinity, and beyond!" -- Buzz Lightyear
More information about the Pam-list
mailing list