I am using pam_listfile to permit a small list of users to have access to sshd no matter where they log in. I also have to permit ssh access to any user on our local network. With listfiles I have to list every machine name on the network. This is a bit of a pain.
If listfiles understood wildcards, it would be OK. (*.silonex.com)

To go at the problem more directly, how hard would it be to build a new plug-in to take a network description and determine if the user is attached to that network?

    auth required pam_localnet sense=allow

tests for 192.168.x.x or 10.x.x.x or ??? (I think there is one other private address range)

OR

    auth required pam_net sense=allow net=192.168.1.0,205.151.82.0

tests for an arbitrary network. This is more complex but perhaps more useful.

This would solve my problem:

    auth [success=1] pam_listfile.so sense=allow file=/etc/sshd/allowedusers
    auth required pam_localnet.so sense=allow
    auth required pam_winbind.so
    auth required pam_nologin.so

If you are one of the chosen people, go ahead; otherwise you had better be in the building somewhere.

Or does this already exist and I have not found it?

Ron
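
Added example, not part of the original post and not code from any existing PAM module: the address test that the proposed pam_localnet / pam_net would need, written in C. It assumes the client address is already available as a dotted-quad string and that networks are given in CIDR form; the function names are hypothetical, and the ranges checked are the three RFC 1918 private blocks.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: 1 if addr is inside cidr ("192.168.1.0/24"),
 * 0 if outside, -1 if either string is malformed (caller should deny). */
int in_network(const char *addr, const char *cidr)
{
    char net[INET_ADDRSTRLEN];
    struct in_addr a, n;
    const char *slash = strchr(cidr, '/');
    char *end;

    if (slash == NULL || (size_t)(slash - cidr) >= sizeof(net))
        return -1;
    memcpy(net, cidr, (size_t)(slash - cidr));
    net[slash - cidr] = '\0';
    long prefix = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || prefix < 0 || prefix > 32)
        return -1;
    if (inet_pton(AF_INET, addr, &a) != 1 || inet_pton(AF_INET, net, &n) != 1)
        return -1;
    /* A /0 mask is special-cased: shifting a 32-bit value by 32 is undefined. */
    uint32_t mask = prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
    return (ntohl(a.s_addr) & mask) == (ntohl(n.s_addr) & mask);
}

/* Hypothetical helper: test addr against the three RFC 1918 private ranges. */
int is_private_ipv4(const char *addr)
{
    static const char *const nets[] = { "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" };
    for (size_t i = 0; i < sizeof(nets) / sizeof(nets[0]); i++) {
        int r = in_network(addr, nets[i]);
        if (r != 0)
            return r;   /* 1 = match, -1 = malformed input */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample addresses, not taken from the post. */
    const char *s[] = { "192.168.1.20", "172.31.255.1", "172.32.0.1", "host.example" };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%-14s -> %d\n", s[i], is_private_ipv4(s[i]));
    return 0;
}
```

A host name in place of an address yields -1, and an access check built on this should treat that as a denial: matching on names such as *.silonex.com depends on reverse DNS, which is set by whoever controls the address block rather than by the local site.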
