On 07/08/2013 07:44 PM, KodaK wrote:
> We've just discovered that AIX does not honor HBAC rules with telnet.
> ssh is fine.
No AIX experience, but I once overheard someone that did something like
this using pam and apparently you could use the pam_permission module:
so you could add this to /etc/pam.conf
telnet auth requisite /usr/lib/security/pam_permission
and create the file /etc/pam.groups.telnet with info like this:
in this case mygroup1 and mygroup2 may telnet, whereas mygroup3 is
You could even harden it even more with good old tcp_wrappers
If you have a config tool (cfengine, puppet, whatever), this could be
quite easy to distribute once properly tested.
Totally untested :-) but maybe worth a shot.
Freeipa-users mailing list