What I ultimately want is to be able to set up accounts that:
	1. you can ftp/telnet to from some IP addresses (or some ttys), but
	SSH only with RSA Auth to from others. 
	2. accounts can ftp, pop, but not SSH in.
	3. accounts can POP in, and SSH in, but not with a password, at the
	same time, the same IP may have to be permitted to telnet in to use
	a different account (i.e. one that doesn't let them out of the
	program) 

	4. all of the above, but now with CryptoCard, SecureID and s/key.
	i.e. you can telnet in with your password from host1, you must use
	your SSH RSA Auth key from host2, but I'll let you do FTP with
	SecureID from host3.
	
  And I want to be able to do all of this at the same time.

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |         Firewalls, TCP/IP and Unix administration
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
 Corporate: http://www.sandelman.ottawa.on.ca/SSW/
	ON HUMILITY: To err is human, to moo bovine.