Re: [pfSense-discussion] authpf package

2005-10-29 Thread jonathan gonzalez
About this theme, a trick can be done, that of course is not disable as it sounds the user access. PAM_file can be used for ssh connections. This feature reads from a file (i.e. in the root directory) a list of allowed users. If a user is in the list he can get in, else, he can't. It's clean

Re: [pfSense-discussion] authpf package

2005-10-28 Thread Travis H.
ssh needs to be open on the WAN interface and all users that have a real shell could be disabled for security concerns. Be careful when trying to disable users via their login shell: http://www.csh.rit.edu/~psionic/articles/ssh-security/ -- http://www.lightconsulting.com/~travis/ -- We already have

Re: [pfSense-discussion] authpf package

2005-10-26 Thread Bill Marquette
On 10/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: Is there any way to easily hook pam/radius up to authpf? Yes, but that handles the passwords, not the fact that the user needs to have an account on the box (radius doesn't give back UID/GID and shell information). --Bill

[pfSense-discussion] authpf package

2005-09-07 Thread D.Pageau
In the past I have used OpenBSD authpf, which is a special shell that adds dynamic rules in the pf firewall. It's basically the same idea as port knocking, where ports are blocked by default and can be opened, but it's much more powerful. http://www.openbsd.org/faq/pf/authpf.html I'd like to get

RE: [pfSense-discussion] authpf package

2005-09-07 Thread Gary Buckmaster
:07 AM To: Pfsense Discussion Subject: [pfSense-discussion] authpf package In the past I have used OpenBSD authpf, which is a special shell that adds dynamic rules in the pf firewall. It's basically the same idea as port knocking, where ports are blocked by default and can be opened, but it's much more

Re: [pfSense-discussion] authpf package

2005-09-07 Thread Scott Ullrich
Discussion Subject: [pfSense-discussion] authpf package In the past I have used OpenBSD authpf, which is a special shell that adds dynamic rules in the pf firewall. It's basically the same idea as port knocking, where ports are blocked by default and can be opened, but it's much more powerful. http