Hello. I have a firewall-protected network in which a mail server (dovecot/postfix) also runs, and every local user with an account can access it. Now I have some privileged users who also need access from outside, through the firewall, so I am trying to make this happen with PAM, but I can't figure out how to do it with two pairs of rules, something like:

    let the group1 members access mailserver from 0.0.0.0/0
    let the group2 members access mailserver from 172.0.0.0/24

group1 members are also members of group2, and logically group1 members should access the mail server from every network, including 172.0.0.0/24, and group1 members should access the mail server only from the 172.0.0.0/24 network.

/etc/pam.d/dovecot.pam includes:

    auth required pam_nologin.so
    auth required pam_stack.so service=system-auth
    account required pam_stack.so service=system-auth
    session required pam_stack.so service=system-auth
    account required pam_access.so

/etc/security/access.conf includes:

    +:ALL group1:0.0.
    +:ALL group2:172.0.
    -:ALL:ALL

Tried also:

    -:ALL EXCEPT group1:0.0.
    +:ALL group2:172.0.

And:

    +:group1:0.0.
    +:group2:172.0.
    -:ALL:ALL

Somehow I just can't get this pair of rules to work this way. Can someone please tell me whether this is possible at all? Or maybe someone has made some special module for this?
--
Sysadmin

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
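Added example, not part of the original post and not pam_access code: a simplified Python model of how access.conf entries are evaluated (first matching line decides, a list may carry EXCEPT, an origin ending in "." is an address prefix), run over the three rule sets from the message. The users alice, bob and carol, their addresses and the CANDIDATE rule set are constructed assumptions, and the model assumes the service passes the client address to PAM as the remote host.

```python
# Simplified model of access.conf evaluation (added example, not pam_access source).
# Handles only ALL, user/group names, EXCEPT and address prefixes ending in ".".

def list_match(tokens, pred):
    """A token before EXCEPT must match and no token after EXCEPT may match."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, []
    return any(pred(t) for t in head) and not (tail and list_match(tail, pred))

def evaluate(rules, user, groups, addr):
    """First matching rule decides; True = allow, False = deny."""
    def user_ok(tok):
        return tok in ("ALL", user) or tok in groups
    def origin_ok(tok):
        return tok == "ALL" or (tok.endswith(".") and addr.startswith(tok))
    for line in rules:
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if list_match(users.split(), user_ok) and list_match(origins.split(), origin_ok):
            return perm == "+"
    return True  # nothing matched: access is granted by default

# Rule sets as posted, plus one candidate (assumption, untested on a real host).
POSTED_1 = ["+:ALL group1:0.0.", "+:ALL group2:172.0.", "-:ALL:ALL"]
POSTED_2 = ["-:ALL EXCEPT group1:0.0.", "+:ALL group2:172.0."]
POSTED_3 = ["+:group1:0.0.", "+:group2:172.0.", "-:ALL:ALL"]
CANDIDATE = ["+:group1:ALL", "+:group2:172.0.0.", "-:ALL:ALL"]

# Constructed clients: (user, groups, source address).
CLIENTS = {
    "group1 outside": ("alice", {"group1", "group2"}, "203.0.113.7"),
    "group2 inside": ("bob", {"group2"}, "172.0.0.9"),
    "group2 outside": ("bob", {"group2"}, "203.0.113.7"),
    "no group inside": ("carol", set(), "172.0.0.9"),
}

def decisions(rules):
    return {name: evaluate(rules, *c) for name, c in CLIENTS.items()}

if __name__ == "__main__":
    for label, rules in [("posted 1", POSTED_1), ("posted 2", POSTED_2),
                         ("posted 3", POSTED_3), ("candidate", CANDIDATE)]:
        print(label, decisions(rules))
```

In this model "0.0." only matches addresses that literally begin with 0.0., and "ALL group1" is a list in which ALL already matches every user, so the posted sets either reject the group1 user from outside or fall through to the default grant. The candidate uses ALL as the origin for group1 and the prefix "172.0.0." for the /24.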