If you're talking about interactive servers that your users would be logging in to (via ssh, for example), yes, you can do what you're talking about. pam-ldap checks an attribute called 'hosts' that will indicate to pam whether or not to allow the user to authenticate. I am using this setup in a multiuser environment right now.

If this isn't what you're talking about at all, then I'm sorry for stealing your bandwidth.

bc

On Fri, Mar 28, 2003 at 07:08:04AM +0100, Thomas Nau wrote:
> On Thu, 27 Mar 2003, jacob walcik wrote:
>
> >i've setup host entries for each of the servers i have that i want to
> >use my ldap directory for authentication: server1, server2, and server3
> >
> >i've added a dozen or so users to my ldap directory: user1 - user12
> >
> >now, i want to be able to restrict users logins so that user1 can only
> >log into server1 and server2, but can't log into server3
> >
> >is this possible?
>
> One way to do so is to use netgroups. Just create a netgroup holding the
> users for a certain box. The only difference is that you cannot use
>
>    passwd: ldap
>
> in nsswitch.conf anymore but must use
>
>    passwd: compat
>    passwd_compat: ldap
>
> Works for Solaris and most likely for Linux
>
> Hope this helps,
> Thomas
>
> -----------------------------------------------------------------
> PGP fingerprint: B1 EE D2 39 2C 82 26 DA A5 4D E0 50 35 75 9E ED
> Phone: +49 731 50 22464
> FAX: +49 731 50 22471
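The netgroup approach from the quoted reply, modelled as an added example that is not part of the original thread: it evaluates each server's compat-mode passwd entries against netgroup membership to show which accounts exist on which host. The netgroup names, the `+@netgroup` / `-user` lines and all data are constructed, and the first-match rule is a simplified model of compat lookups.

```python
# Added example: per-host account visibility with "passwd: compat" + netgroups.
# Every name and entry below is constructed sample data, not from the thread.

NETGROUPS = {  # name -> (host, user, domain) triples or nested netgroup names
    "admins":        [("", "user12", "")],
    "server1-users": [("", "user1", ""), ("", "user2", ""), "admins"],
    "server2-users": [("", "user1", ""), ("", "user3", ""), "admins"],
    "server3-users": [("", "user2", ""), ("", "user3", ""), "admins"],
}

# Compat entries as they would appear in each server's /etc/passwd, in file order.
PASSWD_COMPAT = {
    "server1": ["+@server1-users"],
    "server2": ["+@server2-users"],
    "server3": ["-user3", "+@server3-users"],
}

def netgroup_users(name, seen=None):
    """Expand a netgroup to user names; each nested group is visited once."""
    seen = set() if seen is None else seen
    if name in seen or name not in NETGROUPS:
        return set()
    seen.add(name)
    users = set()
    for member in NETGROUPS[name]:
        if isinstance(member, tuple):
            if member[1] != "-":                 # "-" means no valid user
                users.add(member[1] or "*")      # blank user field is a wildcard
        else:
            users |= netgroup_users(member, seen)
    return users

def has_account(host, user):
    """First matching compat line decides: '-' hides the account, '+' exposes it."""
    for line in PASSWD_COMPAT.get(host, []):
        sign, target = line[0], line[1:].split(":")[0]
        if target.startswith("@"):
            matched = bool({user, "*"} & netgroup_users(target[1:]))
        else:
            matched = target in ("", user)       # bare '+' matches every user
        if matched:
            return sign == "+"
    return False  # no matching entry: the user is unknown on this host

def access_matrix(users):
    return {u: sorted(h for h in PASSWD_COMPAT if has_account(h, u)) for u in users}

if __name__ == "__main__":
    for user, hosts in access_matrix(["user1", "user2", "user3", "user12", "user7"]).items():
        print(f"{user:7s} -> {', '.join(hosts) or 'no servers'}")
```

A bare `+` line in a server's passwd file would expose every directory user on that host, which is the entry to look for when auditing such a setup.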