Date: Tue, 7 May 2002 15:43:33 -0700 (PDT) From: "Nielsen" <nielsen@memberwebs.com> To: "Rob Andrews" <rob@cyberpunkz.org>, <security@FreeBSD.ORG> Subject: Re: Telnet Exploit Message-ID: <20020507224333.8F51637B404@hub.freebsd.org> References: <135YGUD5H2YCVJ3JLY3L2CMBQCXYNOQCEADYX2T5@ziplip.com> <200205061347.54915.dowen@pstis.com> <20020507062534.E638C37B401@hub.freebsd.org> <20020507014934.D58289@switchblade.cyberpunkz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> I was attempting something like this with sudo to no avail. We were > attempting to setup a separate password file for sudo but it didn't > quite cut it. I've made queries about this before to the list but > no one ever responded to it.. If you just want one password file for shells and another for insecure logins, then use /usr/ports/security/pam_pwdfile. Replace the pam_unix.so in pam.conf for each service you want to use the other password file. > How is it that you have managed to separate using pam, logins for > ftp, pop3, smtp, or whatever you choose from things such as sshd? What we did was something different. Wrote a PAM module, that disallows logins for all insecure services (where specified in pam.conf) when the user has a valid shell. > I'd be real interested in how you've managed this as it would be > very helpful to future development of machines on my networks. As it is the module isn't autoconfiscated or anything, but can do if anyone's interested. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020507224333.8F51637B404>