Is it possible to use this combination? syslog shows messages like "Oct 18 14:43:27 xenhost xapi: [ info|xenhost|257864 INET 0.0.0.0:80|session.logout D:ab018eaf7fe5|xapi] Session.destroy trackid=21c0955a69d3f451ea5775d8098600a5" so what I'm in doubt is that there is INET 0.0.0.0:80, and not specific IP addres of the origin, so I'm not sure if I can use pam_access with xapi to prevent or allow specific users on specific IPs.
I want to allow root to login to xapi from specific address without password, and from all other addresses with password. [root@xenhost ~]# cat /etc/pam.d/xapi #%PAM-1.0 auth sufficient pam_access.so accessfile=/etc/security/xapi_access.conf debug auth include system-auth account include system-auth password include system-auth [root@xenhost ~]# cat /etc/security/xapi_access.conf + : root : a.b.c.d - : ALL : ALL With this config, nothing has changed. [root@xenhost ~]# cat /etc/security/xapi_access.conf + : root : a.b.c.d With a config above, I could login with root from any IP address. _______________________________________________ Xen-api mailing list [email protected] http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api
