Linux Archive


Konstantin Ryabitsev 12-07-2011 09:43 PM

IPTables labeling and user roles
Hi, all:

Here's an interesting idea I had. Let's say my users have two ways of
logging in to the systems -- one via a VPN that requires 2-factor
authentication, and another directly via ssh using their public key.

Is there a way to use pam in conjunction with iptables packet labeling
to make sure that if the users logged in via VPN, they get user_u, but
if they went directly, they only get guest_u?

Or, similarly, if a sysadmin logs in via the VPN that required 2-factor
authn, they get sysadm_u, and if directly, then just user_u?

I think that would be kinda neat, but I'm not sure it Works That Way.

Best regards,
Konstantin Ryabitsev
Systems Administrator
Linux Foundation,
Montréal, Québec