[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-API] xapi and pam_access

  • To: xen-api@xxxxxxxxxxxxxxxxxxx
  • From: Boban Petrovic <boban@xxxxxxxxxxxxx>
  • Date: Thu, 18 Oct 2012 12:52:10 +0000 (UTC)
  • Delivery-date: Thu, 18 Oct 2012 12:55:18 +0000
  • List-id: User and development list for XCP and XAPI <xen-api.lists.xen.org>

Is it possible to use this combination?
syslog shows messages like "Oct 18 14:43:27 xenhost xapi: [ info|xenhost|257864
INET|session.logout D:ab018eaf7fe5|xapi] Session.destroy
trackid=21c0955a69d3f451ea5775d8098600a5" so what I'm in doubt is that there is
INET, and not specific IP addres of the origin, so I'm not sure if I
can use pam_access with xapi to prevent or allow specific users on specific IPs.

I want to allow root to login to xapi from specific address without password,
and from all other addresses with password.

[root@xenhost ~]# cat /etc/pam.d/xapi 
auth       sufficient  pam_access.so accessfile=/etc/security/xapi_access.conf 
auth       include     system-auth
account    include     system-auth
password   include     system-auth

[root@xenhost ~]# cat /etc/security/xapi_access.conf 
+ : root : a.b.c.d
- : ALL : ALL

With this config, nothing has changed.

[root@xenhost ~]# cat /etc/security/xapi_access.conf 
+ : root : a.b.c.d

With a config above, I could login with root from any IP address.

Xen-api mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.