Steve Grubb wrote:
On Tuesday 17 February 2009 12:27:58 pm vu pham wrote:
Or any better way to do it ?
You might consider pam_access. You can state the machines/user pairs concisely
and use an "except" statement to exclude the 2 accounts from an "all"
statement. There are examples in /etc/security/access.conf
-Steve
[email protected] wrote:
[...]
> I don't know if your solution presents any security problem (it might)
> but probably a much easier and cleaner way of accomplishing the same
> thing is to use pam_access. Have a look at pam_access(8) and
> access.conf(5) or /usr/share/doc/pam-*/txts/README.pam_access.
>
> I haven't used it in some time but basically you should be able to use
> lines like the following in /etc/security/access.conf:
>
> +:u2:host2
> +:u3:host3
>
> Cheers,
>
> Lars
Steve, Lars,
Thanks for your advice. Yes, pam_access.so makes it much simpler.
My /etc/security/access.conf has :
+:u2:192.168.249.172
-:u2:ALL
+:u3:192.168.249.210
-:u3:ALL
and it works fine.
Thanks,
Vu
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
