Re: PAM and login.conf + SSH and IMAP

From: Theodore Knab (tjk_at_annapolislinux.org)
Date: 02/11/05

    Date: Fri, 11 Feb 2005 10:17:30 -0500
    To: Paul Sandys <myj@nyct.net>, freebsd-isp@freebsd.org
    
    

    I have never used the /etc/login.access to limit access.

    However, I have used other things, which are listed here.

    If you are trying to limit regular users from connecting to your system via
    their IMAP password that is in /etc/passwd, you could do the following:

    1. Add an access list to the /etc/pam.d/ssh file
    auth required pam_listfile.so item=user sense=allow file=/etc/sshusers-allowed onerr=fail

    2. Don't give the users on IMAP a shell account.
    /bin/false or /dev/null as their login shell

    3. Firewall the machine so only a few IPs can use ssh.

    On 08/02/05 00:05 -0500, Paul Sandys wrote:
    >
    > I need to block ssh access to wheel only and at the same time allow IMAP access
    > to any user.
    >
    > When I put following in /etc/login.access, the ssh behaves the way I want:
    > +:wheel:ALL
    > -:ALL:ALL
    >
    > However, it also denies imap access. I'm trying different options in
    > /etc/pam.d/imap without any success. Is there a PAM module that would
    > authenticate using system password file and disregarded /etc/login.access ?
    >
    > Any suggestions ?
    >
    > Thanks,
    > Paul
    >
    >
    > Paul Sandys
    > network operations manager
    > http://www.nyct.net/
    > 212.293.2620
    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

    -- 
    ------------------------------------------
    Ted Knab
    Chester, Maryland  21619 USA
    ------------------------------------------
    The perception of knowledge is an egotistical farce in which
    humans extrapolate from simplifications.
    Proud Graduate of the 'Wack a Mole' Academy of Psydo Sciences.
    Legal Disclaimer:
    -------------------------------------
    This e-mail is privileged, confidential and subject to the
    GNU public licence. Any unauthorized use or disclosure of its contents is 
    strictly prohibited and will result in a intensive investigation by the
    unofficial enforcement agencies whom are watching you read this email.
    The views expressed in this communication may not necessarily be 
    the views held by the Scottish Borders Council, the Japanese Education Ministry,
    the Annapolis Linux Users group, or the author whom composed it.
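
Added example, not part of the original message: a shell check that the allow list from step 1 and the login shells from step 2 agree, so IMAP-only accounts are neither listed for ssh nor left with a working shell. The function names and sample accounts are constructed; it assumes the allow file holds one user name per line and treats only /bin/false and /dev/null (the shells named in the message) as non-login shells.

```shell
#!/bin/sh
# Added example: cross-check an ssh allow list against passwd login shells.
# Function names are hypothetical; the sample data is constructed and written
# to temporary files, so nothing on the live system is read or changed.

# audit_ssh_access PASSWD_FILE ALLOW_FILE
# Prints one finding per line, sorted:
#   SHELL_NOT_LISTED <user>  has a login shell but is not on the allow list
#   LISTED_NO_SHELL <user>   on the allow list but the shell is /bin/false or /dev/null
#   LISTED_UNKNOWN <user>    on the allow list but has no passwd entry
audit_ssh_access() {
    awk -F: -v allow="$2" '
        BEGIN {
            # Assumed allow file format: one user name per line.
            while ((getline line < allow) > 0)
                if (line != "") allowed[line] = 1
            nologin["/bin/false"] = 1
            nologin["/dev/null"] = 1
        }
        /^#/ || NF < 7 { next }      # skip comments and malformed entries
        {
            seen[$1] = 1
            has_shell = !($7 in nologin)
            if (has_shell && !($1 in allowed)) print "SHELL_NOT_LISTED " $1
            if (!has_shell && ($1 in allowed)) print "LISTED_NO_SHELL " $1
        }
        END { for (u in allowed) if (!(u in seen)) print "LISTED_UNKNOWN " u }
    ' "$1" | LC_ALL=C sort
}

# Runs the audit over constructed sample data.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/false
carol:*:1003:1003:Carol:/home/carol:/dev/null
dave:*:1004:1004:Dave:/home/dave:/bin/sh
EOF
    printf '%s\n' alice bob erin > "$tmp/sshusers-allowed"
    audit_ssh_access "$tmp/passwd" "$tmp/sshusers-allowed"
    rm -rf "$tmp"
}

demo_audit
```

In the sample, carol produces no finding: she has no login shell and is not on the allow list, which is the intended state for an IMAP-only account.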
    
