Date: Sun, 7 Aug 2005 19:19:50 -0400 (EDT)
From: Jeff Mitchell <skeezix@skeleton.org>
To: Benjamin Lutz <benlutz@datacomm.ch>
Cc: questions@freebsd.org
Subject: Re: telnet/sshd limited by user?
Message-ID: <20050807191859.W2146@fw.skeleton.org>
In-Reply-To: <42F68C05.1000404@datacomm.ch>
References: <20050806221350.C2146@fw.skeleton.org> <42F68C05.1000404@datacomm.ch>

On Mon, 8 Aug 2005, Benjamin Lutz wrote:

# > Is it possible to set things so that 'telnet' is allowed only to one
# > specific user, while everyone else needs sshd? ie: Obviously, nologin
# > can be used as a shell to not permit any logins (but makes 'su' break
# > too), but I'd like to allow telnet for one specific user only and keep
# > everyone else on sshd.
#
# Yes, by playing with PAM. You can change telnetd's PAM configuration
# (/etc/pam.d/telnetd) to include a group check:
#
# auth requisite pam_group.so no_warn group=telnetusers
#
# Then create a group "telnetusers", and make your telnet user a member of it.
#
# Haven't tested it myself, hope it works.

Ah, indeed; I didn't read much up on PAM and didn't realize it could go
through a series of phases before allowing on, so you can do a group-check
and then additional checks as well. Neat stuff.

Thanks for the tip,

jeff

--
"Have you played Atari today?"
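
Added example, not part of the thread and not FreeBSD's own tooling: PAM evaluates the auth chain in order, so the group check suggested above only gates telnet if no `sufficient` auth module can succeed before it is reached. This script audits a service file for that ordering; the helper name `check_group_gate` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# check_group_gate FILE GROUP  (hypothetical helper, not a FreeBSD command)
# Prints one verdict word:
#   ok          an auth requisite/required pam_group.so line for GROUP exists
#               and no "sufficient" auth module is listed before it
#   bypassable  the gate exists, but a "sufficient" auth module precedes it
#   missing     no such gate in the auth chain
check_group_gate() {
    awk -v grp="$2" '
        /^[[:space:]]*(#|$)/ { next }   # skip comments and blank lines
        $1 != "auth"         { next }   # only the auth chain is relevant
        {
            is_gate = 0
            if (($2 == "requisite" || $2 == "required") &&
                $3 ~ /(^|\/)pam_group\.so$/)
                for (i = 4; i <= NF; i++)
                    if ($i == "group=" grp) is_gate = 1
            if (is_gate) { found = 1; exit }
            # A sufficient module that succeeds ends the chain early,
            # so anything listed after it may never be evaluated.
            if ($2 == "sufficient") early = 1
        }
        END {
            if (!found)     print "missing"
            else if (early) print "bypassable"
            else            print "ok"
        }
    ' "$1"
}

# Constructed sample in the style of /etc/pam.d/telnetd: gate first,
# then the normal password check.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample, not a real system file
auth     requisite  pam_group.so  no_warn group=telnetusers
auth     required   pam_unix.so   no_warn try_first_pass
account  required   pam_unix.so
EOF
echo "telnetd sample: $(check_group_gate "$demo" telnetusers)"
rm -f "$demo"
```

Run it against the real `/etc/pam.d/telnetd` after editing; any verdict other than `ok` means the group restriction is absent or can be skipped.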