Re: PAM and login.conf + SSH and IMAP

From: Volker Kindermann (ml_at_ps102.de)
Date: 02/13/05

Next message: Noah Davidson: "Sendmail question"

Previous message: Suporte Matik: "Re: PAM and login.conf + SSH and IMAP"
In reply to: Paul Sandys: "PAM and login.conf + SSH and IMAP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sun, 13 Feb 2005 09:55:20 +0100
To: Paul Sandys <myj@nyct.net>

Hi Paul,

> I need to block ssh access to wheel only and at the same time allow IMAP access
> to any user.
>
> When I put following in /etc/login.access, the ssh behaves the way I want:
> +:wheel:ALL
> -:ALL:ALL
>
> However, it also denies imap access. I'm trying different options in
> /etc/pam.d/imap without any success. Is there a PAM module that would
> authenticate using system password file and disregarded /etc/login.access ?
>
> Any suggestions ?

why don't you use ssh's ability to restrict logins?

Look for "Allowed groups" in man sshd_config

If you allow the wheel group there, than no other user may login via ssh.

-volker
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

Next message: Noah Davidson: "Sendmail question"

Previous message: Suporte Matik: "Re: PAM and login.conf + SSH and IMAP"
In reply to: Paul Sandys: "PAM and login.conf + SSH and IMAP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]