From: Benjamin Lutz
Date: Mon, 08 Aug 2005 00:32:37 +0200
To: questions@freebsd.org
Subject: Re: telnet/sshd limited by user?
Message-ID: <42F68C05.1000404@datacomm.ch>
In-Reply-To: <20050806221350.C2146@fw.skeleton.org>

>
> Is it possible to set things so that 'telnet' is allowed only to one
> specific user, while everyone else needs sshd? ie: Obviously, nologin
> can be used as a shell to not permit any logins (but makes 'su' break
> too), but I'd like to allow telnet for one specific user only and keep
> everyone else on sshd.

Yes, by playing with PAM. You can change telnetd's PAM configuration
(/etc/pam.d/telnetd) to include a group check:

    auth requisite pam_group.so no_warn group=telnetusers

Then create a group "telnetusers", and make your telnet user a member of
it.

Haven't tested it myself, hope it works.

Cheers
Benjamin
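
Added example, not part of the original message: a small sh audit that checks two things the suggestion above depends on, namely that the pam_group line sits in the auth chain before any "sufficient" module (a sufficient success earlier in the chain would end it before the group check runs) and that the intended user is a member of the group. The helper names, the user "alice" and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. File contents below are constructed.

# Succeed only if the auth chain in PAM file $1 has a requisite/required
# pam_group line for group $2 BEFORE any "sufficient" module, since a
# sufficient success earlier in the chain would skip the group check.
group_check_ok() {
    awk -v want="group=$2" '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        $1 != "auth"   { next }          # only the auth facility matters here
        $3 ~ /pam_group(\.so)?$/ && ($2 == "requisite" || $2 == "required") {
            for (i = 4; i <= NF; i++) if ($i == want) { found = 1; exit }
        }
        $2 == "sufficient" { exit }      # chain can end here; stop looking
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeed if user $3 is listed as a member of group $2 in group(5) file $1.
user_in_group() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1" | tr ',' '\n' | grep -Fqx -- "$3"
}

# Write constructed sample files into directory $1.
write_samples() {
    printf '%s\n' '# auth' \
        'auth requisite pam_group.so no_warn group=telnetusers' \
        'auth sufficient pam_opie.so no_warn no_fake_prompts' \
        'auth required pam_unix.so no_warn try_first_pass' > "$1/telnetd.good"
    printf '%s\n' '# auth' \
        'auth sufficient pam_opie.so no_warn no_fake_prompts' \
        'auth requisite pam_group.so no_warn group=telnetusers' \
        'auth required pam_unix.so no_warn try_first_pass' > "$1/telnetd.late"
    printf '%s\n' 'wheel:*:0:root' 'telnetusers:*:1001:alice' > "$1/group"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in telnetd.good telnetd.late; do
    if group_check_ok "$demo_dir/$f" telnetusers; then
        echo "$f: group check guards the whole auth chain"
    else
        echo "$f: group check missing or placed after a sufficient module"
    fi
done
if user_in_group "$demo_dir/group" telnetusers alice; then echo "alice: member"; fi
rm -rf "$demo_dir"
```

On a real system the two functions would be pointed at /etc/pam.d/telnetd and /etc/group instead of the sample files.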