Date: Fri, 11 Feb 2005 10:17:30 -0500 From: Theodore Knab <tjk@annapolislinux.org> To: Paul Sandys <myj@nyct.net>, freebsd-isp@freebsd.org Subject: Re: PAM and login.conf + SSH and IMAP Message-ID: <20050211151730.GA6896@annapolislinux.org> In-Reply-To: <20050208000000.D64811@bsd3.nyct.net> References: <20050208000000.D64811@bsd3.nyct.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I have never used the the /etc/login.access to limit access. However, I have used other things, which are listed here. If you are trying to limit regular users from connecting to your system via their IMAP password that is in /etc/passwd, you could do the following: 1. Add an access list to the /etc/pam.d/ssh file auth required pam_listfile.so item=user sense=allow file=/etc/sshusers-allowed onerr=fail 2. Don't give the users on IMAP a shell account. /bin/false or /dev/null as their login shell 3. Firewall the machine so only a few IP's can use ssh. On 08/02/05 00:05 -0500, Paul Sandys wrote: > > I need to block ssh access to wheel only and at the same time allow IMAP access > to any user. > > When I put following in /etc/login.access, the ssh behaves the way I want: > +:wheel:ALL > -:ALL:ALL > > However, it also denies imap access. I'm trying different options in > /etc/pam.d/imap without any success. Is there a PAM module that would > authenticate using system password file and disregarded /etc/login.access ? > > Any suggestions ? > > Thanks, > Paul > > > Paul Sandys > network operations manager > http://www.nyct.net/ > 212.293.2620 > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" -- ------------------------------------------ Ted Knab Chester, Maryland 21619 USA ------------------------------------------ The perception of knowledge is an egotistical farce in which humans extrapolate from simplifications. Proud Graduate of the 'Wack a Mole' Academy of Psydo Sciences. Legal Disclaimer: ------------------------------------- This e-mail is privileged, confidential and subject to the GNU public licence. Any unauthorized use or disclosure of its contents is strictly prohibited and will result in a intensive investigation by the unofficial enforcement agencies whom are watching you read this email. The views expressed in this communication may not necessarily be the views held by the Scottish Borders Council, the Japanese Education Ministry, the Annapolis Linux Users group, or the author whom composed it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050211151730.GA6896>