[99497] in RedHat Linux List
Re: radius (was: Re: Keeping certain users out....)
daemon@ATHENA.MIT.EDU (Kevin W. Reed)
Sun Nov 15 00:36:36 1998
Date: Sat, 14 Nov 1998 22:36:18 -0700
From: "Kevin W. Reed" <soldo@telesys.tnet.com>
To: redhat-list@redhat.com
Mail-Followup-To: redhat-list@redhat.com
In-Reply-To: <364DC7E6.2F97714D@nook.net>; from Ramon Gandia on Sat, Nov 14, 1998 at 09:11:50AM -0900
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
Told to us by Ramon Gandia (rfg@nook.net)
on Sat, Nov 14, 1998 at 09:11:50AM -0900
> > Jeremy Domingue wrote:
> >
> > > I was curious if there is a way to selectively deny telnet access to users
> > > that exist in the password file without disabling the account? For example,
> > > I run mail and radius services which I want the user to be able to access,
> > > but do not want to give the same user telnet login access.... how can I
> > > accomplish this?
>
> Hossein S. Zadeh wrote:
>
> > Do you run a radius server or client? Can I get some information about its
> > setup? Is there a RPM for radius?
>
> I want to answer both of these questions, because it is the system
> I use here. Mine run on Red Hat 4.2, but should also run fine on
> RH 5.x.
>
> (1) To deny telnet access, etc. Each user that is to be denied
> needs to have his shell in /etc/passwd changed to /bin/false.
> An example of an entry for him would be like this:
>
> sandman:x:787:100::/home/sandman:/bin/false
>                                  ^^^^^^^^^^

Personally, I would use the following entry instead.

    sandman:x:787:100::/home/sandman:/usr/bin/passwd

This accomplishes two things.

1) The user still cannot get shell access.
2) It provides the user with the ability to change the password
   to their account. All they do is telnet to the box using
   their account name and current password, passwd program runs
   and lets them change their password and they are logged off.
   No shell access is granted.

> (2) The second thing you need to make sure is that "false" is
> a defined shell in /etc/shells, and that there EXISTS such
> a shell in /bin. In Red Hat 4.2, "/bin/false" is a script.
> More on this later.
Same for the above...
[rest is the same]
--
----------------------------------------------------------------------
Kevin W. Reed - Voice 602-469-5106 TNET Services - MAILBOT.COM
Mesa, Arizona U.S.A. MAJORDOMO & Mailing List Account
mailto://soldo@tnet.com - http://www.tnet.com - http://www.mailbot.com
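
Added example (not part of the original message or of the list thread): a small Python audit of the two things discussed above, the login-program field of each /etc/passwd entry and whether that program is listed in /etc/shells. All sample entries are constructed; the accounts mailonly, olduser and noshell and the NO_PROMPT set are assumptions made for illustration.

```python
# Added example: audit the login-shell field of passwd(5) entries.
# All data below is constructed; sandman's line mirrors the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sandman:x:787:100::/home/sandman:/bin/false
mailonly:x:788:100::/home/mailonly:/usr/bin/passwd
olduser:x:789:100::/home/olduser:/bin/ksh
noshell:x:790:100::/home/noshell:
"""
SAMPLE_SHELLS = """\
# constructed /etc/shells
/bin/sh
/bin/bash
/bin/false
"""

# Assumption: login programs that end the session without a command prompt.
NO_PROMPT = {"/bin/false", "/usr/bin/passwd"}


def parse_shells(text):
    """Return the paths listed in /etc/shells-style text (comments skipped)."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln for ln in lines if ln and not ln.startswith("#")}


def audit(passwd_text, shells_text):
    """Return {user: (shell, grants_prompt, listed_in_shells)}."""
    listed = parse_shells(shells_text)
    report = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd entry: {line!r}")
        # passwd(5): an empty shell field means /bin/sh, a real prompt.
        shell = fields[6] or "/bin/sh"
        # Anything not known to be prompt-less is treated as interactive.
        report[fields[0]] = (shell, shell not in NO_PROMPT, shell in listed)
    return report


if __name__ == "__main__":
    for user, (shell, prompt, listed) in audit(SAMPLE_PASSWD, SAMPLE_SHELLS).items():
        access = "PROMPT" if prompt else "no prompt"
        note = "" if listed else "  <- not in /etc/shells"
        print(f"{user:10} {shell:18} {access:10}{note}")
```

On the constructed data this reports /usr/bin/passwd as a login program that is not yet listed in /etc/shells, and shows that an account with an empty shell field still gets a prompt.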