On Sun, Apr 14, 2019 at 4:06 AM Peter J. Holzer <hjp-pg...@hjp.at> wrote:
> > If you want to prevent a user from logging in (which is functionally > equivalent but a bit stronger than "instantly kick off"), then this is > definitely something that could and should be implemented via PAM (I'm > not sure what information is passed to PAM, so you might get the IP > address but not the application name (the latter can't be trusted > anyway), for example). > > I think the only information you can reliably count on is the user name. IP addresses may not be the true IP address of the user if there's some kind of relay or cache in place. Having been through the PCI compliance wringer a few times, I wish the OP luck. -- Mike Nolan
