ssh + login
Derfinak Jan
derfinak at hron.fei.tuke.sk
Fri Oct 16 15:02:29 CEST 1998
On Fri, 16 Oct 1998, Tibor Pittich wrote:
> What for? I would like to have a single file in which I would set whether
> logging in from "outside" the local network is allowed, so that I don't have
> to do it twice (sshd_conf, login.access).
> Is some script the only solution? Or can it also be done at the ssh level?
It should be possible using a brilliant thing called PAM. The module is called
pam_listfile.so:
The list-file module provides a way to deny or allow services based on
an arbitrary file.
Recognized arguments:
onerr=succeed|fail; sense=allow|deny; file=filename;
item=user|tty|rhost|ruser|group|shell apply=user|@group
Description:
The module gets the item of the type specified -- user specifies
the username, PAM_USER; tty specifies the name of the terminal
over which the request has been made, PAM_TTY; rhost specifies
the name of the remote host (if any) from which the request was
made, PAM_RHOST; and ruser specifies the name of the remote user
(if available) who made the request, PAM_RUSER -- and looks for
an instance of that item in the file filename. filename
contains one line per item listed. If the item is found, then
if sense=allow, PAM_SUCCESS is returned, causing the
authorization request to succeed; else if sense=deny,
PAM_AUTH_ERR is returned, causing the authorization request to
fail.
...
This module needs to be added at the beginning of the services (/etc/pam.d) to
which the restriction should apply (e.g. login, ssh, ftp, imap).
jano
--
----- I can't get no satisfaction -----
Rolling Stones
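
An added example, not part of the original message: a small Python audit of the advice above, checking that pam_listfile is the first auth rule in every service file and that all services reference one shared list file. The service file contents, the path /etc/remote.allow and the function names are constructed for illustration.

```python
import os

# Constructed /etc/pam.d contents; services, paths and rules are sample data.
SAMPLE_PAM_D = {
    "login": """\
#%PAM-1.0
auth required pam_listfile.so item=rhost sense=allow file=/etc/remote.allow onerr=fail
auth required pam_unix.so
account required pam_unix.so
""",
    "ssh": """\
auth required pam_unix.so
auth required pam_listfile.so item=rhost sense=allow file=/etc/remote.allow onerr=fail
""",
    "ftp": """\
auth required /lib/security/pam_listfile.so item=rhost sense=allow file=/etc/ftp.allow
auth required pam_unix.so
""",
    "imap": "auth required pam_unix.so\n",
}

def auth_rules(text):
    # Yield (module basename, {arg: value}) per auth line, in file order.
    # Assumes the simple one-word control field (required, requisite, ...).
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            args = dict(a.partition("=")[::2] for a in fields[3:])
            yield os.path.basename(fields[2]), args

def audit(pam_d, list_file, item="rhost"):
    # Return {service: finding}; "ok" means the shared list is consulted first.
    findings = {}
    for service, text in pam_d.items():
        rules = list(auth_rules(text))
        hits = [(i, a) for i, (mod, a) in enumerate(rules) if mod == "pam_listfile.so"]
        if not hits:
            findings[service] = "pam_listfile missing"
        elif hits[0][0] != 0:
            findings[service] = "pam_listfile is not the first auth rule"
        elif hits[0][1].get("file") != list_file or hits[0][1].get("item") != item:
            findings[service] = "different file= or item="
        else:
            findings[service] = "ok"
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_PAM_D, "/etc/remote.allow").items():
        print(f"{service}: {finding}")
```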