On Mon, 2007-01-15 at 16:08 +0100, Adrian von Bidder wrote:
> On Monday 15 January 2007 10:26, Berend De Schouwer wrote:
> > On Sun, 2007-01-14 at 14:36 +0100, Adrian von Bidder wrote:
> >
> > > I have users a, b, c, d, e. All users except e can have shell access,
> > > but because shell access is powerful, must not be able to log in with
> > > password, but only with public key. User e is allowed to log in with
> > > password and is restricted by rssh to only use scp, sftp or rsync so
> > > that even if that password is stolen/guessed, the attacker can at most
> > > deface the hosted web site in e's directory.
> >
> > You could set the passwords for a, b, c, and d to some invalid hash
> > in /etc/passwd, so no password will actually work, but public keys do
> > work. Like ubuntu does with 'root' in the default install.
>
> Good idea, except that I need a valid password for access via imaps :-(

Ouch! Then you need fine-grained access control. Which means playing a
lot with the files in /etc/pam.d/ and /etc/security/.

Unfortunately not all apps support all the options. They make for an
interesting read, anyway.

Regards,
Berend
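
One way the per-service PAM control mentioned above could meet the requirement in the quoted message, as an added example that is not part of the original thread. It assumes sshd runs with `UsePAM yes` and a Debian-style `/etc/pam.d/sshd`; the list-file name `/etc/ssh/password-users` is an assumed name.

```conf
# /etc/pam.d/sshd  (added example; assumes "UsePAM yes" in sshd_config)
#
# Put this line ABOVE the existing auth lines (on Debian, above
# "@include common-auth"). sshd runs the PAM auth stack only for
# password and keyboard-interactive logins. Public-key logins are
# verified by sshd itself and skip this stack, so a, b, c and d can
# still log in with their keys but never with a password.
#
#   item=user    match on the login name
#   sense=allow  only names found in the file pass this module
#   onerr=fail   deny if the file is missing or unreadable
auth  required  pam_listfile.so  item=user  sense=allow  file=/etc/ssh/password-users  onerr=fail

# /etc/ssh/password-users  (assumed file name)
# One login name per line. Keep it a regular file that is not
# world-writable, otherwise pam_listfile treats it as an error.
e

# The IMAP server's own file under /etc/pam.d/ is left unchanged, so
# the valid Unix passwords of a, b, c and d keep working for imaps.
```

Because the rule lives only in the sshd service file, the password hashes stay valid for every other PAM service, and user e remains confined by rssh as before.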