Restrict access by IP

waifurchin · 01-27-2003, 03:48 PM

Is it possible to restrict a user's login to a certain group based on the IP of the connection?

For example, if user "bob" logs in via ssh from a machine with an IP from 192.168.0.1 - 192.168.0.100 he is part of group "home" with access to the full system, but if he logs in through any other 192.168.0/24 IP he is restricted to the group "vpn" which has much more limited access.

How would I go about doing this (or is there a better way to manage this)?

Waif

waifurchin · 01-27-2003, 04:28 PM

Additional Info:

Redhat 7.2 - fully patched using the Redhat up2date utility.

Presently there is no secondary authentication server (TACACS+, Radius, etc.).

dorian33 · 02-01-2003, 05:48 AM

my idea is to use the shell starting scripts in correct way (f.ex. for bash I mean /etc/profile & /etc/bashrc)
you can can do there everything you want (ip detecting, permission setting, logout, etc)

unSpawn · 02-02-2003, 07:54 AM

Hmm. Maybe PAM, like http://www.kernel.org/pub/linux/libs...m-6.html#ss6.8