final summary:nologin-exception

From: Dr. Martin Körfer (koerfer_at_mpch-mainz.mpg.de)
Date: 12/13/04

  • Next message: Alan Douglas: "root filesystem - lost space" 
    Date: Mon, 13 Dec 2004 15:12:16 +0100
To: tru64-unix-managers@ornl.gov

    Very simple solution,

    as I run the webmail-service on a 2 node cluster using the Apache-Webserver (on
    secure port 443), I needed to define thr SSL Virtual Host Context in the
    httpd.conf.
    Here I determined as Servername the name of the "cluster-alias".
    Now creating /etc/nologin_$host1 and ..._$host2, users are not able to login
    through ssh or telnet (even when using the "cluster-alias" the hostname of the
    login-host1 or ..2 is determined !)
    The https uses the "cluster-alias", wherefor login is not permitted !!

    Fine

    Martin

    Only one usefull answer from Piotr Grzybowski:
    ------------------------------------------------------------------
    maybe try play with /etc/nologin_${hostname} and try to explain
    to the imap servers and http deamon that they should use
    a different hostname than that in ${hostname}.
    ----------------------------------------------------------------------

    A good hint, thus:
    May be I can create an if-statement in the "/sbin/enlogin"-script that login
    through "httpd" causes to use another hostname.
    The only difficulty is to determine a matching criterium, as their are always
    several httpd's running.

    Open for ideas, I will report,

    Martin

    On Thu, 9 Dec 2004, Martin Koerfer wrote:

    > Date: Thu, 09 Dec 2004 13:09:01 +0100
    > From: Martin Koerfer <koerfer@mpch-mainz.mpg.de>
    > To: tru64-unix-managers@ornl.gov
    > Followup-To: poster
    > Subject: nologin-exception
    >
    > Hi managers,
    >
    > we run Tru64 V5.1a(PK6), basic security, on an AS that is configuered with
    > /etc/nologin, in order to prevent "user-access".
    > Now we want to grant access only to "users" that want to access the
    imap-service
    > for checking their mail with an "webmail"-application.
    > Do you know a way to grant access for users that use a special service only by
    > keeping the general "nologin"-conditions ??
    >
    > Any help would be appreciated
    >
    > Thanks in advance
    >
    > Martin Körfer
    >

    -------------------------------------------------
    This mail sent through IMP: www1.mpch-mainz.mpg.de

    -------------------------------------------------
    This mail sent through IMP: http://horde.org/imp/

  • Next message: Alan Douglas: "root filesystem - lost space"