
Re: [Xen-API] xapi and pam_access






On Thu, Oct 18, 2012 at 5:52 AM, Boban Petrovic <boban@xxxxxxxxxxxxx> wrote:
Is it possible to use this combination?
syslog shows messages like "Oct 18 14:43:27 xenhost xapi: [ info|xenhost|257864
INET 0.0.0.0:80|session.logout D:ab018eaf7fe5|xapi] Session.destroy
trackid=21c0955a69d3f451ea5775d8098600a5" so what I'm in doubt is that there is
INET 0.0.0.0:80, and not specific IP address of the origin, so I'm not sure if I
can use pam_access with xapi to prevent or allow specific users on specific IPs.

I want to allow root to login to xapi from specific address without password,
and from all other addresses with password.

[root@xenhost ~]# cat /etc/pam.d/xapi
#%PAM-1.0
auth      sufficient pam_access.so accessfile=/etc/security/xapi_access.conf debug
auth      include    system-auth
account   include    system-auth
password  include   system-auth

[root@xenhost ~]# cat /etc/security/xapi_access.conf
+ : root : a.b.c.d
- : ALL : ALL

With this config, nothing has changed.



[root@xenhost ~]# cat /etc/security/xapi_access.conf
+ : root : a.b.c.d

With the config above, I could log in with root from any IP address.


Sorry for the late response. I think you'll need to tell XCP to use PAM first.

http://wiki.xen.org/wiki/XCP,_RBAC_and_PAM_authentication_in_XenAPI

Grant McWilliams
http://grantmcwilliams.com/

Some people, when confronted with a problem, think "I know, I'll use Windows."
Now they have two problems.
_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api
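
Added example, not part of the original thread and not xapi or Linux-PAM code: a simplified Python model of how pam_access evaluates an access file, run over the two files posted in the question. It assumes 192.0.2.10 as a constructed stand-in for a.b.c.d, handles only literal entries and ALL, and relies on pam_access granting access when no line matches.

```python
# Simplified model of pam_access rule evaluation (illustrative only).
# Supports literal user/origin entries and ALL; no groups, netmasks or EXCEPT.

TRUSTED = "192.0.2.10"  # constructed stand-in for a.b.c.d in the question
WITH_DENY = f"+ : root : {TRUSTED}\n- : ALL : ALL\n"   # first file posted
ALLOW_ONLY = f"+ : root : {TRUSTED}\n"                 # second file posted


def parse_rules(text):
    """Parse 'permission : users : origins' lines into tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field: {perm!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules


def _matches(tokens, value):
    return any(tok in ("ALL", value) for tok in tokens)


def access_granted(rules, user, origin):
    """The first matching line decides; with no match, access is granted."""
    for perm, users, origins in rules:
        if _matches(users, user) and _matches(origins, origin):
            return perm == "+"
    return True  # fail-open default when nothing matches


def auth_outcome(rules, user, origin):
    """Effect of 'auth sufficient pam_access.so' ahead of system-auth."""
    if access_granted(rules, user, origin):
        return "accepted without password"
    return "falls through to system-auth (password)"


if __name__ == "__main__":
    for name, text in (("with deny-all", WITH_DENY), ("allow only", ALLOW_ONLY)):
        for origin in (TRUSTED, "198.51.100.7"):
            print(name, origin, "->", auth_outcome(parse_rules(text), "root", origin))
```

The origin argument stands for whatever address the calling service hands to PAM; the model does not cover how xapi sets it.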

 

