On Tue, May 31, 2005 at 02:25:43PM +0200, Jonathan Weiss wrote:
> > As far as I know, authpf is only for authentication. This
> > means that it will activate your rules, nothing more. It is
> > not a shell, nor will it fork to your shell.
> >
> > You need a second SSH connection for this.
>
> With a second user id, which has a real shell, yes.
>
> Some people would argue that you shouldn't give out interactive
> shells ON THE FIREWALL ITSELF.
>
> > Please somebody correct me if I'm wrong.
>
> No, that's correct. Working as intended. :)

In attempting to figure out a way to do this I came across this thread. I know it's a few years old, but I haven't been very successful at finding out anything more.

I want to be able to not only authenticate, but provide a shell into the *same* box. When I try to use another UID coming from the same IP, as suggested above, it doesn't work:

++++++++++++++++++/var/log/messages++++++++++++++++++
Apr 22 23:25:22 <user.debug> srv0 -authpf: tried to lock /var/authpf/<...>, in use by pid 6894: Resource temporarily unavailable
+++++++++++++++++++++++++++++++++++++++++++++++++++++

(note: pf works fine by itself; when using authpf for users (in /etc/login.conf) it also appears to work, as it would be used for most setups, just fine)

While I would agree that issuing interactive shells on a traditional firewall is obviously bad, it's feasible that using pf+authpf, combined with interactive shells, for a non-traditional setup is possible. I mean, pf and authpf are just tools... not the policy itself, right?

So, is there a way to achieve both authentication and interactive access? Am I missing something stupid? :)

Thanks, as always.

-- 
Adam Richards
e:[EMAIL PROTECTED] | k:0x0BA2643B
