Problem with pam_access
bluesman
bluesman at bluesman.it
Wed Feb 11 13:03:21 UTC 2009
Hi Jon, Thanks for the reply.
Unfortunately it's not what I exactly need.
I need to configure restrictions like these:
- user A is allowed to login only from X.X.X.X
- user B is allowed to login only from X.X.X.X/MM
etc..
On Wed, 11 Feb 2009 07:52:49 -0500, Jon Miller <jonebird at gmail.com> wrote:
> Typically pam_access is used in targeting select groups or netgroups. If
> you
> trying to restrict access based on the source IP address, then the best
> option for accomplishing that is using iptables. Even if you are still
> targeting select groups to have access, I would still recommend combining
> iptables for just the IP restrictions.
>
> -- Jon Miller
>
> On Wed, Feb 11, 2009 at 7:38 AM, bluesman <bluesman at bluesman.it> wrote:
>
>>
>> Hi Guys,
>> My first mesage to this list, so nice to meet you :) Here's the
problem:
>> In order to restrict access to our clients, we are implementing
>> pam_access
>> module. The configuration is working fine, but there is some problem in
>> defining the "from" field.
>> During the authentication, if the module is able to (reverse) resolve
>> the
>> IP, it *wants* to find the DNS name in the access.conf, ignoring the
line
>> even if the IP or subnet is defined. As a workaround, i added all DNS
>> names
>> and IP in the config. but this will make impossible for me to define IP
>> ranges.
>> Do someone know how to solve this problem?
>>
>> Hope I've been clear enough.
>> Thanks in advance.
>>
>> Diego Roccia
>>
>> _______________________________________________
>> Pam-list mailing list
>> Pam-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pam-list
>>
>
More information about the Pam-list
mailing list