On Thu, Mar 16, 2006 at 08:34:14PM -0500, Ron Wheeler wrote:
> Darren Tucker wrote:
> >AllowGroups sshusers
> >AllowUsers *@192.168.1.*
> >
> >

> Very slick and a lot less trouble.
> I went down to my local library and borrowed a book on C programming on
> Linux just in case I had to write a PAM module.
> This is going to be a lot easier to implement and maintain.

Actually, thinking about it that won't work as above, since your local
users will be denied since they're not in AllowGroups before AllowUsers
is checked. Changing the AllowUsers to AllowGroups ought to work, though.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.