1999-05-11-22:25:22 Paul Hubbard:
> Are there any packages/programs that will allow me to set things up like
> this:
>
> user aaa can login from local machines and *.earthlink.net
> user bbb can login from local machines and *.gte.net
> user ccc can login from anywhere
> all others can login only from local machines
I dunno of logdaemon[1] offers that granularity, but that's the first place
I'd look.
But a bigger question is how worthwhile are that particular sort of
restrictions? I don't value them a whole lot, myself, since such restrictions
depend on people being unable to overwhelm any machine in a position to forge
the needed source addresses. I prefer instead arranging for users who need
remote access over the internet to have a trusted computing base --- perhaps a
laptop, perhaps their home machine --- which contains suitable crypto keys for
a protocol like ssh.
-Bennett
[1] <URL:ftp://ftp.porcupine.org/>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
