Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

12-07-2011, 09:43 PM
Konstantin Ryabitsev
IPTables labeling and user roles

Hi, all:

Here's an interesting idea I had. Let's say my users have two ways of
logging in to the systems -- one via a VPN that requires 2-factor
authentication, and another directly via ssh using their public key.

Is there a way to use pam in conjunction with iptables packet labeling
to make sure that if the users logged in via VPN, they get user_u, but
if they went directly, they only get guest_u?

Or, similarly, if a sysadmin logs in via the VPN that required 2-factor
authn, they get sysadm_u, and if directly, then just user_u?

I think that would be kinda neat, but I'm not sure it Works That Way

Best regards,
Konstantin Ryabitsev
Systems Administrator
Linux Foundation, kernel.org
Montréal, Québec
selinux mailing list
