On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote: > Given, there's several solutions to this: > > 1) The Kluge as above. > > 2) A pam module to check /etc/group (this is standard login behavior, and > historically supported, and available on other platforms, adding a module, > even to ports, is trivial. > > 3) A patch to openssh to do /etc/shells checking (I'll note that openSSH > has the "UseLogin" option, which may also do this. > > 4) An option to pam_unix to check this. Differs from #2 in that it's a > change to an existing module instead of one in ports.
5) Use AllowGroups/AllowUsers and/or their Deny equivalent in sshd_config. 6) Disable password based logins and use keys only. -- Mel Problem with today's modular software: they start with the modules and never get to the software part. _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"