cvs + pam
Michael Thomas
thomas at hep.caltech.edu
Thu Mar 26 05:43:54 UTC 2009
I have a cvs server for our local user community which uses ssh
key-based authentication for read/write access to the cvs repository.
We also use ssh + pam on the system to allow the administrators to log
in. pam_access.so and access.conf is used in /etc/pam.d/sshd to
restrict this list of administrators. Since cvs is using ssh as a
transport, this is also restricting the users who have access via cvs.
Unfortunately, the list of administrators is different from the list of
cvs users. Ultimately we want to allow ssh logins with a shell for
administrators only, and ssh access via cvs (but no login shell) to cvs
users only. Setting the user shells to /sbin/nologin is not an option
because the user accounts are coming from ldap.
How can I configure pam to use two separate access.conf files, one for
admin ssh access and one for cvs ssh access? Or is there an alternate
way of accomplishing this?
--Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4009 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pam-list/attachments/20090325/cfdfc070/attachment.bin>
More information about the Pam-list
mailing list