Limited login// Re: Access control by host and user //Re: time control for remote ssh/sftp access
Am Donnerstag, 17. Dezember 2009 schrieb Jonas Smedegaard:
> Please describe what is your scenario (e.g. are diskless? times?
> users? other issues? involved).
>
Okay. I'll try once more:
User lib01 (in ldap) should only be allowed to login from static50
(10.0.2.100) - a semi-public accessible machine in our library.
Especially, the anonymous account lib01 should not be used from within a
class lab.
The more I think about it, I feel there is a seperate solution for
different protocols/profiles:
For LTSP, it's not a big deal to block user lib01 in Xsession, I think.
For workstations, it might get a bit harder, but possibly lib01 could
get a .profile script closing the session if run from the wrong host.
For Samba clients, there might be a way either in login.bat or in
smb.conf to restrict login to specific hosts.
But as all kind of protocols/profiles log to auth.log, pam could still
be a central point of blocking...
Regards
Ralf
Reply to: