ssh + login

Derfinak Jan derfinak at hron.fei.tuke.sk
Fri Oct 16 15:02:29 CEST 1998


On Fri, 16 Oct 1998, Tibor Pittich wrote:

> What is it for? I would like to have a single file in which I would configure
> the ability to log in from "outside" the local network, so that I would not
> have to do it twice (sshd_conf, login.access).
> Is some script the only solution? Or can it also be done at the ssh level?

It should be possible with a brilliant thing called PAM. The module is called
pam_listfile.so:
  The list-file module provides a way to deny or allow services based on
  an arbitrary file.

     Recognized arguments:
        onerr=succeed|fail; sense=allow|deny; file=filename;
        item=user|tty|rhost|ruser|group|shell apply=user|@group

     Description:                                              
        The module gets the item of the type specified -- user specifies
        the username, PAM_USER; tty specifies the name of the terminal
        over which the request has been made, PAM_TTY; rhost specifies
        the name of the remote host (if any) from which the request was
        made, PAM_RHOST; and ruser specifies the name of the remote user
        (if available) who made the request, PAM_RUSER -- and looks for
        an instance of that item in the file filename.  filename
        contains one line per item listed.  If the item is found, then
        if sense=allow, PAM_SUCCESS is returned, causing the
        authorization request to succeed; else if sense=deny,
        PAM_AUTH_ERR is returned, causing the authorization request to
        fail.     
        ...

This module needs to be added at the beginning of the services (/etc/pam.d) to
which the restriction should apply (e.g. login, ssh, ftp, imap).

			jano

-- 
----- I can't get no satisfaction -----
			Rolling Stones
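
Added example, not part of the original post and not code from the PAM project: a small Python check that every service to be restricted has pam_listfile.so as its first entry, points at the same list file, and fails closed. The `auth` entry type, the path /etc/login.allowed and the sample service files are assumptions constructed for illustration.

```python
import re

# Constructed /etc/pam.d contents; the services are the ones named in the post.
SAMPLE = {
    "login": "#%PAM-1.0\n"
             "auth required pam_listfile.so item=user sense=allow "
             "file=/etc/login.allowed onerr=fail\n"
             "auth required pam_unix.so\n",
    "ssh": "auth required pam_unix.so\n"
           "auth required pam_listfile.so item=user sense=allow "
           "file=/etc/login.allowed onerr=fail\n",
    "ftp": "auth required /lib/security/pam_listfile.so item=user sense=allow "
           "file=/etc/ftp.allowed onerr=succeed\n",
}

# type, control (plain word or [bracketed]), module path, module arguments
ENTRY = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def first_auth(text):
    """Return (module name, args dict) of the first auth entry, or (None, {})."""
    for raw in text.splitlines():
        m = ENTRY.match(raw.split("#", 1)[0].strip())
        if m and m.group(1).lstrip("-") == "auth":
            args = dict(a.split("=", 1) for a in m.group(4).split() if "=" in a)
            return m.group(3).rsplit("/", 1)[-1], args
    return None, {}


def audit(services, list_file):
    """Map each service to its findings; an empty list means it passes."""
    report = {}
    for name, text in services.items():
        module, args = first_auth(text)
        findings = []
        if module != "pam_listfile.so":
            findings.append("pam_listfile.so is not the first auth entry")
        else:
            if args.get("file") != list_file:
                findings.append("different list file: %s" % args.get("file"))
            if args.get("onerr") != "fail":
                findings.append("onerr is not set to fail")
        report[name] = findings
    return report


if __name__ == "__main__":
    for svc, findings in audit(SAMPLE, "/etc/login.allowed").items():
        print(svc, "-", "; ".join(findings) or "OK")
```

Pointing `audit` at the real contents of /etc/pam.d shows at a glance which services still carry their own list or would let logins through when the list file cannot be read.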
 


