I am using pam_listfile to permit a small list of users to have access to sshd no matter where they log in.
I also have to permit ssh access to any user on our local network. With listfiles I have to list every machine name on the network. This is a bit of a pain.

If listfiles understood wildcards, it would be ok. (*.silonex.com)

To go at the problem more directly, how hard would it be to build a new plug-in to take a network description and determine if the user is attached to that network?

auth required pam_localnet sense=allow
tests for 192.168.x.x or 10.x.x.x or ??? (I think there is one other private address range)

OR

auth required pam_net sense=allow net=192.168.1.0,205.151.82.0
test for an arbitrary network; this is more complex but perhaps more useful.

This would solve my problem:

auth [success=1] pam_listfile.so sense=allow file=/etc/sshd/allowedusers
auth required pam_localnet.so sense=allow
auth required pam_winbind.so
auth required pam_nologin.so

If you are one of the chosen people, go ahead; otherwise you had better be in the building somewhere.

Or does this already exist and I have not found it?

Ron