I hope this isn't a silly question, but I have read lots of docs and they all seem to be at the 101 level...

I need to know what I have to do to be able to differentiate which users in the LDAP database (the entire university) can log onto which machines. All I have read thus far regards allowing single logons to all machines on a network. This is well and good, but I only want certain users to be able to access certain machines, and all users to be able to access others. I feel that there is something akin to NIS netgroups that will serve this purpose. However, from what I have read, it seems that the PAMs for LDAP just do a bind and supply the username and password. It seems as though they also need to provide a (net)group as well, so that user foo in group student will not gain access to the admin database machine simply by virtue of being in the LDAP database, but user oracle in group dbadmin can...

It seems as though I am missing something really basic here. Can someone point me in the right direction, please? I also need to do the same kind of user-level access restrictions on NT 4 & 5 machines. I assume that this can also be achieved by a similar group-type method.

The OSes that require user authentication via LDAP are Tru64, Linux, Solaris and NT4/5. The LDAP server is OpenLDAP. I will hit the RFCs tomorrow...

Any help will be greatly appreciated.

Dave.
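The two-step check the post is reaching for (LDAP bind for authentication, then a netgroup-style per-host policy for authorization), as an added illustration that is not part of the original post. The users, hosts and netgroups below are constructed for the example, and `innetgr` here is a stand-in for the NIS `innetgr(3)` lookup, not real pam_ldap code.

```python
# Added illustration (not from the original post): a minimal model of NIS-style
# netgroups used as a per-host login policy on top of an LDAP bind. All names,
# users and hosts below are constructed for the example.
from typing import Dict, List, Optional, Set, Tuple, Union

Triple = Tuple[Optional[str], Optional[str], Optional[str]]  # (host, user, domain); None = wildcard
Member = Union[str, Triple]  # a nested netgroup name or a triple

# Constructed directory: who can bind, and the netgroups they belong to.
USERS = {"foo": "student-pw", "oracle": "oracle-pw"}
NETGROUPS: Dict[str, List[Member]] = {
    "dbadmin": [(None, "oracle", None)],
    "students": [(None, "foo", None)],
    "campus": ["dbadmin", "students"],   # nested netgroups
    "anyone": [(None, None, None)],      # wildcard: every user on every host
}
# Per-host policy: the netgroup whose members may log on to that machine.
HOST_POLICY = {"admindb": "dbadmin", "lab01": "campus", "mail": "anyone"}

def _field_ok(pattern: Optional[str], value: Optional[str]) -> bool:
    return pattern is None or pattern == value

def innetgr(netgroup: str, host: str, user: str, domain: Optional[str] = None,
            seen: Optional[Set[str]] = None) -> bool:
    """Like innetgr(3): true if (host, user, domain) matches a triple in the
    netgroup or in any nested netgroup; `seen` guards against cycles."""
    seen = seen if seen is not None else set()
    if netgroup in seen or netgroup not in NETGROUPS:
        return False
    seen.add(netgroup)
    for member in NETGROUPS[netgroup]:
        if isinstance(member, str):
            if innetgr(member, host, user, domain, seen):
                return True
        elif all(_field_ok(p, v) for p, v in zip(member, (host, user, domain))):
            return True
    return False

def bind(user: str, password: str) -> bool:
    """Stand-in for the LDAP simple bind that pam_ldap performs."""
    return USERS.get(user) == password

def may_log_on(user: str, password: str, host: str) -> bool:
    """Authentication alone is not enough: the user must also be in the
    netgroup named by the host's policy (the authorization step)."""
    if not bind(user, password):
        return False
    policy = HOST_POLICY.get(host)
    return policy is not None and innetgr(policy, host, user)
```

A host with no entry in `HOST_POLICY` denies everyone, so a newly added machine fails closed until it is given a netgroup.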