[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [rhelv5-list] a PAM question



Steve Grubb wrote:
On Tuesday 17 February 2009 12:27:58 pm vu pham wrote:
Or any better way to do it ?

You might consider pam_access. You can state the machines/user pairs concisely and use an "except" statement to exclude the 2 accounts from an "all" statement. There are examples in /etc/security/access.conf

-Steve


delhage gmail com wrote:
[...]
> I don't know if your solution presents any security problem (it might)
> but probably a much easier and cleaner way of accomplishing the same
> thing is to use pam_access. Have a look at pam_access(8) and
> access.conf(5) or /usr/share/doc/pam-*/txts/README.pam_access.
>
> I haven't used it in some time but basically you should be able to use
> lines like the following in /etc/security/access.conf:
>
> +:u2:host2
> +:u3:host3
>
> Cheers,
>
> Lars

Steve, Lars,

Thanks for your advice. Yes, pam_access.so makes it much simpler.
My /etc/security/access.conf has :

+:u2:192.168.249.172
-:u2:ALL
+:u3:192.168.249.210
-:u3:ALL

and it works fine.


Thanks,
Vu


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]