Problem with pam_access

RB aoz.syn at gmail.com
Wed Feb 11 17:05:02 UTC 2009


On Wed, Feb 11, 2009 at 06:03, bluesman <bluesman at bluesman.it> wrote:
> Hi Jon, Thanks for the reply.
> Unfortunately it's not exactly what I need.
> I need to configure restrictions like these:
>  - user A is allowed to login only from X.X.X.X
>  - user B is allowed to login only from X.X.X.X/MM

The pam_access module does not resolve hostnames itself; it only uses
whatever PAM_RHOST is set to.  Whatever application is being
authenticated against pam_access (SSH? FTP?) is doing the reverse
lookups and setting PAM_RHOST accordingly.  Turn off DNS resolution in
that app, and you won't be dealing with hostnames any more.

When you have large numbers of clients you need to control both source
& destination for, it's often worth the effort to go ahead and
configure a RADIUS server and allow it to handle the N:N mappings.
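
An added example, not part of the original message: the two restrictions from the quoted question written as pam_access rules, with reverse lookups turned off in the calling application. It assumes the application is OpenSSH; `userA`, `userB` and the addresses are constructed placeholders standing in for the X.X.X.X values above.

```conf
# --- /etc/security/access.conf ---
# Format: permission : users : origins   (the first matching line wins)
# userA / userB are hypothetical accounts; the addresses are constructed
# documentation-range placeholders, not values from the thread.

# user A may log in only from a single address
+ : userA : 192.0.2.10

# user B may log in only from one network (address/prefix form)
+ : userB : 198.51.100.0/24

# every other origin is refused for both accounts
- : userA userB : ALL

# --- /etc/pam.d/sshd (assumption: the service in question is OpenSSH) ---
# pam_access is evaluated in the account stack
account    required    pam_access.so

# --- /etc/ssh/sshd_config ---
UsePAM yes
# Skip the reverse lookup of the client address, so the remote host
# handed to PAM (PAM_RHOST) is the numeric address and the
# address-based rules above are compared against an address.
UseDNS no
```

Rule order matters here: the `+` lines must come before the catch-all `-` line, and accounts not named in any rule are unaffected by this file.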



