On Thu, Oct 18, 2012 at 5:52 AM, Boban Petrovic <bo...@mainstream.rs> wrote:
> Is it possible to use this combination? > syslog shows messages like "Oct 18 14:43:27 xenhost xapi: [ > info|xenhost|257864 > INET 0.0.0.0:80|session.logout D:ab018eaf7fe5|xapi] Session.destroy > trackid=21c0955a69d3f451ea5775d8098600a5" so what I'm in doubt is that > there is > INET 0.0.0.0:80, and not specific IP addres of the origin, so I'm not > sure if I > can use pam_access with xapi to prevent or allow specific users on > specific IPs. > > I want to allow root to login to xapi from specific address without > password, > and from all other addresses with password. > > [root@xenhost ~]# cat /etc/pam.d/xapi > #%PAM-1.0 > auth sufficient pam_access.so > accessfile=/etc/security/xapi_access.conf debug > auth include system-auth > account include system-auth > password include system-auth > > [root@xenhost ~]# cat /etc/security/xapi_access.conf > + : root : a.b.c.d > - : ALL : ALL > > With this config, nothing has changed. > > > > [root@xenhost ~]# cat /etc/security/xapi_access.conf > + : root : a.b.c.d > > With a config above, I could login with root from any IP address. > > Sorry for the late response. I think you'll need to tell XCP to use PAM first. > http://wiki.xen.org/wiki/XCP,_RBAC_and_PAM_authentication_in_XenAPI Grant McWilliams http://grantmcwilliams.com/ Some people, when confronted with a problem, think "I know, I'll use Windows." Now they have two problems.
_______________________________________________ Xen-api mailing list Xen-api@lists.xen.org http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api
