On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote:
> Given, there's several solutions to this:
>
> 1) The Kluge as above.
>
> 2) A pam module to check /etc/group (this is standard login behavior, and
> historically supported, and available on other platforms, adding a module,
> even to ports, is trivial.
>
> 3) A patch to openssh to do /etc/shells checking (I'll note that openSSH
> has the "UseLogin" option, which may also do this.
>
> 4) An option to pam_unix to check this. Differs from #2 in that it's a
> change to an existing module instead of one in ports.
5) Use AllowGroups/AllowUsers and/or their Deny equivalent in sshd_config.
6) Disable password based logins and use keys only.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
