SUMMARY2 - Restrict user login to specific hostname

From: Chris Los <clos_at_trentu.ca>
Date: Fri, 04 Aug 2000 12:44:30 -0400

Thanks to the many people that responded.

My apologies about the "#" character in front of the telnetd: line; that
was a typo and was not present during my testing of tcpwrappers.

In summary, what I'm trying to accomplish, which is to restrict a user to
a specific host or IP address, cannot be accomplished with tcpwrappers
when the user is telnetting in from a Win9x box. This is because
tcpwrappers depends on the remote host using the identd protocol for
obtaining remote identities, which Win9x doesn't provide or support.

Some people suggested putting this type of restriction into the user's
.login or .profile script or the system wide login script so it will
just kick them out when they're trying to log in from an unauthorized
workstation. I think I'll be taking this approach.

One other person also suggested the following possible method:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The only reliable way I've found to
implement this feature is with a custom SIA mechanism. Check
http://www.ultranet.com/~spiderb/sec/ for the "siaskey"
distribution, to see one which comes close to doing what you
want. I'm leaving it as "an exercise for the reader" to figure
out how to make it handle a different set of lookup data,
however you decide to store it.

Spider Boardman (at home) spider_at_Orb.Nashua.NH.US
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


First SUMMARY post:

Chris Los wrote:

> Most people said this could be done using tcpwrappers. So I've tried
> this but still can't get it working. My hosts.allow file looks like
> this:
>
> # /usr/local/hosts.allow
> #
> #telnetd : juser_at_222.22.22.222 : ALLOW
> #
>
> ALL : ALL : DENY
> #


> "juser" is telnetting from a win95 station using his local terminal
> emulation package.

> Any suggestions???

Original post:

We're running DU 4.0E (C2 security) and would like to restrict a userid
to logging in from a specific hostname only. Is there any feature in C2
that would allow me to set up this restriction? I've looked thru
dxaccounts but couldn't find anything there.
Received on Fri Aug 04 2000 - 16:45:38 NZST
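
The login-script approach mentioned in the summary, sketched as an added example (not code from the original thread or its respondents). It runs after authentication, so the user name is known locally and no identd lookup is involved. It assumes an sh-style system-wide login script, that `who am i` prints the remote host in trailing parentheses, and a hypothetical table file `/etc/login_hosts`; the function names are also made up for illustration.

```shell
#!/bin/sh
# Added example: per-user login-host allow-list for a system-wide sh login
# script. Table format (constructed sample), one "user host" pair per line:
#   juser pc17.example.edu
#   juser 192.0.2.10

# Extract the remote host from one line of `who am i` output.
# Assumption: the host is shown in trailing parentheses, e.g.
#   juser  ttyp3  Aug  4 12:40  (pc17.example.edu)
# Prints nothing when there are no parentheses (local login).
remote_host_from_who() {
    printf '%s\n' "$1" | sed -n 's/.*(\([^()]*\))[[:space:]]*$/\1/p'
}

# Return 0 if USER may log in from HOST according to TABLE.
# Users with no entry are unrestricted. Users with entries must match one
# of them (case-insensitive); an empty HOST never matches, so a listed
# user is refused when the origin cannot be determined.
host_allowed() {
    awk -v u="$1" -v h="$2" '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        $1 == u { listed = 1; if (tolower($2) == tolower(h)) ok = 1 }
        END { if (listed && !ok) exit 1 }
    ' "$3"
}

# Call from the system-wide login script (root-owned, so the user cannot
# edit the check away):  check_login_host /etc/login_hosts
check_login_host() {
    trap '' INT QUIT TSTP          # keep the check from being interrupted
    _user=${LOGNAME:-$USER}
    _host=$(remote_host_from_who "$(who am i 2>/dev/null)")
    if ! host_allowed "$_user" "$_host" "$1"; then
        echo "Login from '${_host:-unknown}' is not permitted." >&2
        logger -p auth.notice "login-host check: denied $_user from ${_host:-unknown}"
        exit 1                     # ends the login shell
    fi
    trap - INT QUIT TSTP
}
```

The host string comes from the server's own session record, so it is only as trustworthy as the server's name resolution; listing IP addresses in the table avoids depending on reverse DNS.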
