Problem with pam_access

bluesman bluesman at bluesman.it
Wed Feb 11 19:22:51 UTC 2009


Thanks! I finally got it working!
I set up UseDNS no in sshd.conf and the auth magically worked.
I'm planning to have a radius server, but for now it's already a great
security improvement over the current situation without service impacts.
Thanks again
Diego

On Wed, 11 Feb 2009 10:05:02 -0700, RB <aoz.syn at gmail.com> wrote:
> On Wed, Feb 11, 2009 at 06:03, bluesman <bluesman at bluesman.it> wrote:
>> Hi Jon, Thanks for the reply.
>> Unfortunately it's not exactly what I need.
>> I need to configure restrictions like these:
>>  - user A is allowed to login only from X.X.X.X
>>  - user B is allowed to login only from X.X.X.X/MM
> 
> The pam_access module does not resolve hostnames itself; it only uses
> whatever PAM_RHOST is set to.  Whatever application is being
> authenticated against pam_access (SSH? FTP?) is doing the reverse
> lookups and setting PAM_RHOST accordingly.  Turn off DNS resolution in
> that app, and you won't be dealing with hostnames any more.
> 
> When you have large numbers of clients you need to control both source
> & destination for, it's often worth the effort to go ahead and
> configure a RADIUS server and allow it to handle the N:N mappings.
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
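
The setup discussed in this thread, written out as configuration. This is an added example, not part of the original messages: the user names (usera, userb) and the addresses (documentation ranges) are constructed, and the file paths are assumed to be the usual OpenSSH and Linux-PAM locations.

```conf
# --- /etc/ssh/sshd_config (assumed path) ---
# Hand authentication/account checks to PAM so pam_access is consulted.
UsePAM yes
# Do not reverse-resolve the client address. With this off, sshd passes
# the numeric IP as PAM_RHOST, so address-based rules below can match.
UseDNS no

# --- /etc/pam.d/sshd (assumed path) ---
# Evaluate /etc/security/access.conf during the account phase.
account    required     pam_access.so

# --- /etc/security/access.conf ---
# Format:  permission : users : origins      (first matching rule wins)
# usera may log in only from a single host (constructed address).
+ : usera : 192.0.2.10
# userb may log in only from one network (constructed network/mask).
+ : userb : 198.51.100.0/24
# Explicit deny for every other origin. Without this line a login that
# matches no rule is allowed, so the two "+" rules alone restrict nothing.
- : usera userb : ALL
```

Reload sshd after changing sshd_config, and keep an existing session open while testing so a wrong rule does not lock you out.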



