[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problem with pam_access



Thanks! I finally got it working!
I set up UseDNS no in sshd.conf and the auth magically worked.
I'm planning to have a radius server, but for now it's already a great
security improvement over the current situation without service impacts.
thanks again
Diego

On Wed, 11 Feb 2009 10:05:02 -0700, RB <aoz syn gmail com> wrote:
> On Wed, Feb 11, 2009 at 06:03, bluesman <bluesman bluesman it> wrote:
>> Hi Jon, Thanks for the reply.
>> Unfortunately it's not what I exactly need.
>> I need to configure restrictions like these:
>>  - user A is allowed to login only from X.X.X.X
>>  - user B is allowed to login only from X.X.X.X/MM
> 
> The pam_access module does not resolve hostnames itself; it only uses
> whatever PAM_RHOST is set to.  Whatever application is being
> authenticated against pam_access (SSH? FTP?) is doing the reverse
> lookups and setting PAM_RHOST accordingly.  Turn off DNS resolution in
> that app, and you won't be dealing with hostnames any more.
> 
> When you have large numbers of clients you need to control both source
> & destination for, it's often worth the effort to go ahead and
> configure a RADIUS server and allow it to handle the N:N mappings.
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list redhat com
> https://www.redhat.com/mailman/listinfo/pam-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]