[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problem with pam_access



On Wed, Feb 11, 2009 at 06:03, bluesman <bluesman bluesman it> wrote:
> Hi Jon, Thanks for the reply.
> Unfortunately it's not what I exactly need.
> I need to configure restrictions like these:
>  - user A is allowed to login only from X.X.X.X
>  - user B is allowed to login only from X.X.X.X/MM

The pam_access module does not resolve hostnames itself; it only uses
whatever PAM_RHOST is set to.  Whatever application is being
authenticated against pam_access (SSH? FTP?) is doing the reverse
lookups and setting PAM_RHOST accordingly.  Turn off DNS resolution in
that app, and you won't be dealing with hostnames any more.

When you have large numbers of clients you need to control both source
& destination for, it's often worth the effort to go ahead and
configure a RADIUS server and allow it to handle the N:N mappings.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]