PAM and login.conf + SSH and IMAP
Volker Kindermann
ml at ps102.de
Sun Feb 13 00:55:01 PST 2005
Hi Paul,
> I need to block ssh access to wheel only and at the same time allow IMAP access
> to any user.
>
> When I put following in /etc/login.access, the ssh behaves the way I want:
> +:wheel:ALL
> -:ALL:ALL
>
> However, it also denies imap access. I'm trying different options in
> /etc/pam.d/imap without any success. Is there a PAM module that would
> authenticate using system password file and disregarded /etc/login.access ?
>
> Any suggestions ?
why don't you use ssh's ability to restrict logins?
Look for "Allowed groups" in man sshd_config
If you allow the wheel group there, than no other user may login via ssh.
-volker
More information about the freebsd-isp
mailing list