[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Login restrictions in NIS environment



Hello,

OK, I have now tried the following ideas, and none of them have worked:

1. Add the following to /etc/hosts.deny:
     sshd: rhobbs ALL, PARANOID

2. Add the following to /etc/security/access.conf:
     -:rhobbs nbaker:ALL

I didn't do the exact method that you suggested for "/etc/hosts.allow" and
"/etc/hosts.deny", because that seems to ban everything, and then let
certain things through. I want to let everything through, and just ban
certain users from sshd, so that's why I did step 1 in that way.

As for step 2, I don't know why this didn't work... The "access.conf" file
already existing, so I assume it is installed and running, but perhaps it is
not? I'll read the documentation on this one to see if it gives any
pointers.

If you have any other advice, please let me know.

Thanks again,
Richard.

-- 
Richard Hobbs (Systems Administrator)
Toshiba Research Europe Ltd. - Speech Technology Group
Web: http://www.toshiba-europe.com/research/
Email: richard hobbs crl toshiba co uk
Tel: +44 1223 376964        Mobile: +44 7811 803377 

> -----Original Message-----
> From: redhat-list-bounces redhat com 
> [mailto:redhat-list-bounces redhat com] On Behalf Of Cecilio Marín
> Sent: 08 June 2005 12:36
> To: General Red Hat Linux discussion list
> Subject: Re: Login restrictions in NIS environment
> 
> Well, the second method is a possible solution.
> 
> Services: DNS, HTTPD, NIS...
> 
> #/etc/hosts.allow
> ypserv: ALL
> httpd: ALL EXCEPT fred ALL
> bind: ALL EXCEPT fred ALL
> ....
> <daemon>: ALL EXCEPT fred ALL
> 
> #/etc/hosts.deny
> #Very restrictive
> ALL: ALL ALL, PARANOID
> 
> But the problem is if the daemons are not ready to use 
> wrappers (this is 
> defined on compilation time of daemons).
> 
> Slts.
> 
> Richard Hobbs escribió:
> 
> >Hello,
> >
> >Banning particular IP addresses is useless to us... We need to ban
> >particular users.
> >
> >For example, if we ban fred's machine, fred can still log in from a
> >different machine. We need to ban fred from every machine, 
> but he still
> >needs to be able to log into other machines on the network.
> >
> >Thanks again,
> >Richard.
> >
> >  
> >
> 
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
> _____________________________________________________________________
> This e-mail has been scanned for viruses by MCI's Internet 
> Managed Scanning Services - powered by MessageLabs. For 
> further information visit http://www.mci.com
> 
> 



_____________________________________________________________________
This e-mail has been scanned for viruses by MCI's Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]