[OpenIndiana-discuss] PAM risk based authentication?

[Stefan Müller-Wilken]

Well, also an approach, but restricted to SSH only. My requirement is to conditionally include PAM modules, so tuning httpd will not suffice, I'm afraid. But thanks for the idea!

Cheers
 Stefan


________________________________________
Von: Hugh McIntyre [lists at mcintyreweb.com]
Gesendet: Freitag, 11. Dezember 2015 09:45
An: openindiana-discuss at openindiana.org
Betreff: Re: [OpenIndiana-discuss] PAM risk based authentication?

I have not tried this, but if this is only for SSH, did you try "Match"
directives as listed under
http://serverfault.com/questions/355484/change-the-ssh-authentication-method-depending-on-the-ip-address?

Hugh.


On 12/10/15 5:40 AM, Stefan Müller-Wilken wrote:
> Dear all,
>
>
>
> is there a way in OpenIndiana's PAM  implementation to route through PAM modules based on environment conditions, a.k.a risk based authentication? More concretely I'd like to introduce a 2-factor PAM auth module when coming from certain IP ranges while staying with traditional Passwords for others and allow Kerberos while SSH'ing on my private network only.
>
>
>
> Is this possible today? Thanks for any ideas! :-)
>
>
>
> Cheers
>
>   Stefan
>
>
>
> ________________________________
>
> Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Gesch?ftsführer: Guido Ahle | Amtsgericht Hamburg, HRB 76048 | Ust.Ident-Nr.:DE208833022
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss at openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


-----
Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Geschäftsführer: Guido Ahle | Amtsgericht Hamburg, HRB 76048 | USt-IdNr.: DE208833022