On Mon, 8 Jul 2002, Shyam Kumar Mankayil wrote:
>
> I am hosting a couple of sites at my server, and my style is by creating a
> username - password for every client that I host: some may have to be denied
> telnet, others ftp.
>
> How do I deny a user (say user xyz, that I associate with xyz.com), from telnet?
>
Try to play around with the /etc/security/access.conf file.
Add "account required /lib/security/pam_stack.so service=system-auth"
to the /etc/pam.d/login file:
[snip]
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
account required /lib/security/pam_access.so
account required /lib/security/pam_tally.so deny=3 no_magic_root reset
[snip]
Then add user names in the /etc/security/access.conf file who are not
allowed to login from certain servers. For example:
-:user1:server1.example.com
In this example, "user1" will not be able to log in from server1.example.com,
but will be able to from all other servers. And since we did not add
"pam_access.so" to the /etc/pam.d/kwuftpd file, user1 can still ftp to the server.
In order to solve your problem for setting up different access profiles
for different services, you need to use the "accessfile" parameter
when you add "/lib/security/pam_access.so" to the different services
files in /etc/pam.d.
Using this method you can say, for instance, that user1 is allowed to ftp
from server A but not from server B, and user1 is allowed to telnet from
server B but not from server A, etc.
Werner
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
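
An added example, not part of the message above and not pam_access's own code: a simplified Python model of how per-service access files are evaluated, so a rule set like the server A / server B case can be checked before it is deployed. The service labels, host names and file names are constructed for illustration; only the ALL keyword, exact names and ".domain" host suffixes are modelled.

```python
# Simplified model of pam_access rule evaluation (illustrative, not pam_access itself).
# Supported subset: "perm:users:origins" lines, ALL, exact names, ".domain" suffixes.
# Not modelled: EXCEPT, LOCAL, group names, netgroups, network/mask origins.

# Constructed per-service rule files. The labels are hypothetical; each text would
# live in its own file, named on the pam_access.so line of that service's
# /etc/pam.d file via accessfile=<path>.
ACCESS_FILES = {
    "telnet": """
# user1 may telnet from server B only
+:user1:serverb.example.com
-:user1:ALL
""",
    "ftp": """
# user1 may ftp from server A only
+:user1:servera.example.com
-:user1:ALL
""",
}

def parse_rules(text):
    """Return (permit, users, origins) tuples, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in {line!r}")
        rules.append((perm == "+", users.split(), origins.split()))
    return rules

def _match(token, value, host=False):
    """ALL matches anything; hosts compare case-insensitively, with .suffix support."""
    if token == "ALL":
        return True
    if not host:
        return token == value
    token, value = token.lower(), value.lower()
    return token == value or (token.startswith(".") and value.endswith(token))

def is_allowed(service, user, origin):
    """First matching rule decides; if no rule matches, access is granted."""
    for permit, users, origins in parse_rules(ACCESS_FILES[service]):
        if any(_match(u, user) for u in users) and \
           any(_match(o, origin, host=True) for o in origins):
            return permit
    return True
```

Because an unmatched user falls through to "granted", a deny-by-default profile needs a final "-:ALL:ALL" line in each access file.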