[SunHELP] How to restrict the login on Solaris servers
gonufer
sunhelp at sunhelp.org
Thu Aug 30 10:45:34 CDT 2001
Li John-a16118 wrote:
> One common situation in using Solaris server is: We want some server
> dedicate to some users. To implement this, we can restrict the
> login on the server so that only specific users can use the server.
> Other users, even in a NIS domain, can't login the restricted
> server.
>
> Any good suggestions are highly appreciated.
I use the pam_listfile module and added it to /etc/pam.conf. I
use it as a filter on the other authentication methods preventing
people not listed in /etc/friends from using the machine even though
they have passwd file entries in the NIS maps.
% grep friends /etc/pam.conf
login auth required /usr/lib/security/$ISA/pam_listfile.so.1
onerr=fail item=user sense=allow file=/etc/friends
rlogin auth required /usr/lib/security/$ISA/pam_listfile.so.1
onerr=fail item=user sense=allow file=/etc/friends
dtlogin auth required /usr/lib/security/$ISA/pam_listfile.so.1
onerr=fail item=user sense=allow file=/etc/friends
rsh auth required /usr/lib/security/$ISA/pam_listfile.so.1
onerr=fail item=user sense=allow file=/etc/friends
other auth required /usr/lib/security/$ISA/pam_listfile.so.1
onerr=fail item=user sense=allow file=/etc/friends
%
I think I downloaded the sources from some "Linux" PAM module web
site but it compiled with minor changes on SunOS. It's a very
flexible module that can be used for a variety of tasks.
-greg
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the SunHELP
mailing list