Well, also an approach, but restricted to SSH only. My requirement is to conditionally include PAM modules, so tuning httpd will not suffice, I'm afraid. But thanks for the idea!
Cheers Stefan ________________________________________ Von: Hugh McIntyre [[email protected]] Gesendet: Freitag, 11. Dezember 2015 09:45 An: [email protected] Betreff: Re: [OpenIndiana-discuss] PAM risk based authentication? I have not tried this, but if this is only for SSH, did you try "Match" directives as listed under http://serverfault.com/questions/355484/change-the-ssh-authentication-method-depending-on-the-ip-address? Hugh. On 12/10/15 5:40 AM, Stefan Müller-Wilken wrote: > Dear all, > > > > is there a way in OpenIndiana's PAM implementation to route through PAM > modules based on environment conditions, a.k.a risk based authentication? > More concretely I'd like to introduce a 2-factor PAM auth module when coming > from certain IP ranges while staying with traditional Passwords for others > and allow Kerberos while SSH'ing on my private network only. > > > > Is this possible today? Thanks for any ideas! :-) > > > > Cheers > > Stefan > > > > ________________________________ > > Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Gesch?ftsführer: > Guido Ahle | Amtsgericht Hamburg, HRB 76048 | Ust.Ident-Nr.:DE208833022 > _______________________________________________ > openindiana-discuss mailing list > [email protected] > http://openindiana.org/mailman/listinfo/openindiana-discuss > _______________________________________________ openindiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss ----- Acando GmbH, Millerntorplatz 1, 20359 Hamburg, Germany | Geschäftsführer: Guido Ahle | Amtsgericht Hamburg, HRB 76048 | USt-IdNr.: DE208833022 _______________________________________________ openindiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
