PAM and login.conf + SSH and IMAP
Theodore Knab
tjk at annapolislinux.org
Fri Feb 11 07:17:31 PST 2005
I have never used the /etc/login.access to limit access.
However, I have used other things, which are listed here.
If you are trying to limit regular users from connecting to your system via
their IMAP password that is in /etc/passwd, you could do the following:
1. Add an access list to the /etc/pam.d/ssh file:
     auth required pam_listfile.so item=user sense=allow file=/etc/sshusers-allowed onerr=fail
2. Don't give the users on IMAP a shell account.
     /bin/false or /dev/null as their login shell
3. Firewall the machine so only a few IPs can use ssh.
On 08/02/05 00:05 -0500, Paul Sandys wrote:
>
> I need to block ssh access to wheel only and at the same time allow IMAP access
> to any user.
>
> When I put following in /etc/login.access, the ssh behaves the way I want:
> +:wheel:ALL
> -:ALL:ALL
>
> However, it also denies imap access. I'm trying different options in
> /etc/pam.d/imap without any success. Is there a PAM module that would
> authenticate using system password file and disregard /etc/login.access?
>
> Any suggestions ?
>
> Thanks,
> Paul
>
>
> Paul Sandys
> network operations manager
> http://www.nyct.net/
> 212.293.2620
--
------------------------------------------
Ted Knab
Chester, Maryland 21619 USA
------------------------------------------
The perception of knowledge is an egotistical farce in which
humans extrapolate from simplifications.
Proud Graduate of the 'Wack a Mole' Academy of Psydo Sciences.
Legal Disclaimer:
-------------------------------------
This e-mail is privileged, confidential and subject to the
GNU public licence. Any unauthorized use or disclosure of its contents is
strictly prohibited and will result in a intensive investigation by the
unofficial enforcement agencies whom are watching you read this email.
The views expressed in this communication may not necessarily be
the views held by the Scottish Borders Council, the Japanese Education Ministry,
the Annapolis Linux Users group, or the author whom composed it.
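
Added example, not part of the original message: a shell audit of steps 1 and 2 that compares a copy of the passwd file with the allow list and reports which accounts match "ssh for listed users, mail only for everyone else". The function names, verdict labels, nologin paths and sample accounts are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: offline audit of steps 1 and 2 above; it does not call PAM or sshd.
# Shells counted as "no shell account": the two named in the message plus the usual nologin paths (assumption).
NOLOGIN_SHELLS="/bin/false /dev/null /sbin/nologin /usr/sbin/nologin"

# audit_ssh_access PASSWD_FILE ALLOW_FILE -> one "user verdict" line per account
#   ssh-ok     listed and has a login shell
#   mail-only  not listed and no login shell
#   pam-only   not listed but still has a login shell (only step 1 applies)
#   conflict   listed but has no login shell
audit_ssh_access() {
    list_ok=1
    # onerr=fail: if the list cannot be read, the rule fails for every user.
    [ -r "$2" ] || list_ok=0
    awk -F: -v allow="$2" -v list_ok="$list_ok" -v nologin="$NOLOGIN_SHELLS" '
        BEGIN {
            n = split(nologin, s, " ")
            for (i = 1; i <= n; i++) dead[s[i]] = 1
            if (list_ok)
                while ((getline name < allow) > 0)
                    if (name != "") listed[name] = 1
        }
        /^#/ || NF < 7 { next }          # skip comments and short lines
        {
            in_list = ($1 in listed)
            has_shell = !($NF in dead)
            if (in_list && has_shell)    v = "ssh-ok"
            else if (in_list)            v = "conflict"
            else if (has_shell)          v = "pam-only"
            else                         v = "mail-only"
            print $1, v
        }' "$1"
}

# Constructed sample data (not from the original thread).
make_sample() {
    printf '%s\n' 'admin1' 'mailbox2' > "$1/sshusers-allowed"
    cat > "$1/passwd" <<'EOF'
# constructed passwd sample
admin1:*:1001:0:Admin:/home/admin1:/bin/sh
mailbox1:*:2001:2001:Mail user:/home/mailbox1:/bin/false
mailbox2:*:2002:2002:Mail user:/home/mailbox2:/dev/null
olduser:*:2003:2003:Old user:/home/olduser:/bin/csh
EOF
}

demo_dir=$(mktemp -d) && make_sample "$demo_dir"
audit_ssh_access "$demo_dir/passwd" "$demo_dir/sshusers-allowed"
```

The pam-only rows deserve the closest look: an auth-stack rule is consulted by sshd only for PAM-backed password or keyboard-interactive logins, so those accounts should also be checked for public-key access.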