I am searching for a solution to a customer's request. Right now, he uses loginappl to control who can log in from any machine. For instance:
auth LOGINAPPL ssh gid(sysadmin) acc(X)
Unfortunately, he cannot use loginappl to control where the login request comes from.
Now, he needs to allow any user connected from a specific host, for instance hermes, via ssh. I am thinking of using a rule like:
authorize TCP ssh uid(*) host(hermes) access(write)
Can these two policies work together to meet the customer's request? When an ssh request comes from hermes, it is allowed for any user. When the request comes from other hosts, loginappl will control it.