[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problem with pam_access



Typically pam_access is used in targeting select groups or netgroups. If you trying to restrict access based on the source IP address, then the best option for accomplishing that is using iptables. Even if you are still targeting select groups to have access, I would still recommend combining iptables for just the IP restrictions.

-- Jon Miller

On Wed, Feb 11, 2009 at 7:38 AM, bluesman <bluesman bluesman it> wrote:

Hi Guys,
 My first mesage to this list, so nice to meet you :) Here's the problem:
In order to restrict access to our clients, we are implementing pam_access
module. The configuration is working fine, but there is some problem in
defining the "from" field.
 During the authentication, if the module is able to (reverse) resolve the
IP, it *wants* to find the DNS name in the access.conf, ignoring the line
even if the IP or subnet is defined. As a workaround, i added all DNS names
and IP in the config. but this will make impossible for me to define IP
ranges.
Do someone know how to solve this problem?

Hope I've been clear enough.
Thanks in advance.

Diego Roccia

_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]