Subject: Re: BSD/PAM Authentication requirements
To: Ted Lemon <mellon@hoffman.vix.com>
From: None <seebs@plethora.net>
List: current-users
Date: 11/23/1998 19:26:48
In message <199811232127.QAA01220@grosse.fugue.com>, Ted Lemon writes:
>> 2. accounts can ftp, pop, but not SSH in.
>Will logincap actually do this?
It certainly could, if sshd were told to use the authentication scheme.
You'd create a login class with
auth-ssh=reject
and *poof*, can't ssh.
>> 3. accounts can POP in, and SSH in, but not with a password, at the
>> same time, the same IP may have to be permitted to telnet in to use
>> a different account (i.e. one that doesn't let them out of the
>> program)
>What about this?
Seems easy enough. Each account (or style of account) can use different
authorization methods for everything.
>> 4. all of the above, but now with CryptoCard, SecureID and s/key.
>> i.e. you can telnet in with your password from host1, you must use
>> your SSH RSA Auth key from host2, but I'll let you do FTP with
>> SecureID from host3.
>And this?
Should be no problem.
>Would you be offended if I pointed out that you've described a
>surprisingly complicated authentication scheme? Is this really what
>you want, or are you being forced into it because of failings of the
>technology that's currently available?
It's really not nearly so complicated as it sounds. The reason I started
this whole nightmarish debate is that I've suddenly realized just how
powerful BSD/OS's authentication is.
But it's very good about keeping everything isolated. Every authentication
scheme has its own self-contained program, and ones that don't need setuid
can run as a regular user, and so on.
-s
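To make the per-class, per-service policy discussed in this thread concrete, here is an added example (not code from the thread, BSD/OS or NetBSD) that parses a constructed login.conf-style fragment and resolves which authentication methods a class accepts for a given service. It assumes termcap-style syntax with `tc=` inheritance, `auth-<service>` keys overriding a generic `auth` key, and `reject` meaning no method is accepted; the `auth-ssh=reject` key is taken from the message above, and the `rsa`, `securid` and `skey` method names and the class names are constructed.

```python
"""Toy resolver for a login.conf-style authentication policy.

Constructed example, not BSD/OS code. Syntax assumptions: termcap-style
records (backslash-newline continuation, colon-separated capabilities),
'tc=<class>' inheritance, 'auth-<service>' overriding a generic 'auth'
capability, and the value 'reject' meaning that no method is accepted.
"""

import re

# Constructed login.conf fragment (class and method names are made up).
SAMPLE_LOGIN_CONF = r"""
# default class: other classes inherit from this via tc=
default:\
    :auth=passwd:\
    :auth-ftp=passwd:

# mail-only users: may ftp and pop, but never ssh
mailonly:\
    :auth-ssh=reject:\
    :tc=default:

# shell users: ssh with an RSA key only, ftp with SecurID or S/Key
shell:\
    :auth-ssh=rsa:\
    :auth-pop=passwd:\
    :auth-ftp=securid,skey:\
    :tc=default:
"""


def parse_login_conf(text):
    """Return {class_name: {capability: value}} for login.conf-style text."""
    classes = {}
    joined = re.sub(r"\\\n", "", text)  # join continuation lines
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        caps = {}
        for field in fields[1:]:
            if not field:
                continue
            if "=" in field:
                key, value = field.split("=", 1)
                caps[key] = value
            else:
                caps[field] = True  # boolean capability
        classes[fields[0]] = caps
    return classes


def effective_caps(classes, cls, seen=None):
    """Merge a class with its tc= ancestors; the child's own values win."""
    if seen is None:
        seen = set()
    if cls is None or cls in seen or cls not in classes:
        return {}
    seen.add(cls)
    own = dict(classes[cls])
    parent = own.pop("tc", None)
    merged = effective_caps(classes, parent, seen)
    merged.update(own)
    return merged


def allowed_methods(classes, cls, service):
    """Methods accepted for `service` in class `cls` ([] if rejected)."""
    caps = effective_caps(classes, cls)
    value = caps.get("auth-" + service, caps.get("auth"))
    if value is None or value is True or value == "reject":
        return []
    return [m.strip() for m in value.split(",") if m.strip()]


def is_permitted(classes, cls, service, method):
    """True if `method` may authenticate `service` logins for class `cls`."""
    return method in allowed_methods(classes, cls, service)


if __name__ == "__main__":
    classes = parse_login_conf(SAMPLE_LOGIN_CONF)
    for cls in ("mailonly", "shell"):
        for service in ("ssh", "pop", "ftp", "telnet"):
            print(cls, service, allowed_methods(classes, cls, service))
```

Run as a script, it prints the resolved method list for each class and service; `mailonly`/`ssh` resolves to an empty list because of `auth-ssh=reject`, while `shell`/`telnet` falls back to the inherited `auth=passwd`.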