
Limited login// Re: Access control by host and user //Re: time control for remote ssh/sftp access



On Thursday, 17 December 2009, Jonas Smedegaard wrote:
> Please describe what is your scenario (e.g. are diskless? times?
>  users?  other issues? involved).
> 
Okay. I'll try once more:


User lib01 (in ldap) should only be allowed to login from static50 
(10.0.2.100) - a semi-public accessible machine in our library. 
Especially, the anonymous account lib01 should not be used from within a 
class lab.

The more I think about it, I feel there is a separate solution for 
different protocols/profiles:

For LTSP, it's not a big deal to block user lib01 in Xsession, I think.
For workstations, it might get a bit harder, but possibly lib01 could 
get a .profile script closing the session if run from the wrong host.

For Samba clients, there might be a way either in login.bat or in 
smb.conf to restrict login to specific hosts.

But as all kinds of protocols/profiles log to auth.log, PAM could still 
be a central point of blocking...

Regards
Ralf
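
One way to do the central PAM blocking suggested above is pam_access; the fragment below is an added example, not part of the original post or of Debian Edu's own configuration. It assumes the login reaches the server over the network (ssh, or an LTSP thin client whose session runs over ssh), so that PAM sees 10.0.2.100 as the remote host.

```conf
# /etc/security/access.conf on the server.
# Format: permission : users : origins. Rules are read top to bottom
# and the first matching rule decides.

# Allow lib01 only when the login originates from static50.
+ : lib01 : 10.0.2.100

# Every other origin (other hosts, local ttys) is refused for lib01.
- : lib01 : ALL

# /etc/pam.d/sshd, and each further PAM service that should enforce
# the rules above, needs pam_access in its account stack:
account  required  pam_access.so
```

On a workstation where lib01 logs in locally, PAM reports a tty or display name as the origin rather than a host address, so the address rule never matches there. Such machines would carry only the `- : lib01 : ALL` line, and static50 itself would omit it.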

