[SunHELP] User Access
Phil Stracchino
alaric at caerllewys.net
Wed Jul 2 12:40:25 CDT 2003
On Wed, Jul 02, 2003 at 01:24:54PM +0500, Adnan Sarkar wrote:
> Dear Managers
>
> I have a simple question for u
> I m using Solaris 8 on my sun fire 280 R machine with Tcp wrappers enabled ,I
> have restricted telnet and all other services from some specific Ip addresses
> ,using hosts.allow and hosts.deny files ,now I want that some on my users can
> access my machine from any where ,but with specific user ids ,how is this
> possible ,what changes I have to made in my setting ,in my opinion something
> would be change in host.allow file ,but I don't know what to change
> waiting for ur replies
You cannot do what you're trying to do the way you're trying to do it,
because at the time tcpwrappers has to allow or deny establishment of
the connection, it has no way to know what the user's UID is. The
system cannot authenticate a remote user until a connection exists, so
you cannot make establishment of that connection dependent on
authentication.
The best way to do what you want to do is via ssh. Using ssh, you can
specify which users are permitted to use the service, and if you choose,
you can allow them to connect only from specified hosts. Both of these
are done with the AllowUsers command in sshd_config.
--
.********* Fight Back! It may not be just YOUR life at risk. *********.
: phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
: alaric at caerllewys.net : alaric-ruthven at earthlink.net : phil at latt.net :
: 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) :
: Linux Now! ...Because friends don't let friends use Microsoft. :
More information about the SunHELP
mailing list