Re: LDAP Replacement for NIS



On Wed, 19 Sep 2001, Barry Wright wrote:

> My question is does anybody have an LDAP system working where there are
> separate groups of users (separate ou's) only able to login to a
> limited subset of available computers but also have an admin group that
> can log into any computer, plus possibly have some users able to log into
> several subsets of computers.

Write a PAM module that reads a config file or option that defines the
groups allowed to log in, and then check that user is in the specified group
before allowing login.  If written correctly, it will even transcend LDAP,
allowing it to be used in any authorization scheme involving groups.


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@ieee.uow.edu.au
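
An added example, not part of the original message: the group check such a PAM module would perform, sketched in C. The function name `login_allowed` and the one-group-per-line config format are assumptions; membership is resolved through `getpwnam`/`getgrnam`, so it follows whatever NSS backend (LDAP, NIS, flat files) supplies the groups.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* 1 if the user is in the group, by primary gid or supplementary member list. */
static int in_group(const struct passwd *pw, const struct group *gr) {
    if (pw->pw_gid == gr->gr_gid) return 1;
    for (char **m = gr->gr_mem; m && *m; m++)
        if (strcmp(*m, pw->pw_name) == 0) return 1;
    return 0;
}

/* Hypothetical helper: 1 = allow, 0 = deny.
 * Config (assumed format): one group name per line, '#' starts a comment.
 * Fails closed: unreadable config, unknown user or unknown group all deny. */
int login_allowed(const char *user, const char *conf_path) {
    FILE *f = fopen(conf_path, "r");
    if (!f) return 0;
    struct passwd *pw = getpwnam(user);
    int ok = 0;
    char line[256];
    while (pw && !ok && fgets(line, sizeof line, f)) {
        line[strcspn(line, "#\r\n")] = '\0';   /* drop comment and newline */
        char *name = strtok(line, " \t");      /* first token is the group */
        if (!name) continue;                   /* blank or comment-only line */
        struct group *gr = getgrnam(name);
        if (gr) ok = in_group(pw, gr);
    }
    fclose(f);
    return ok;
}

/* Stand-alone use: ./groupcheck <user> <config>; exit status 0 means allowed.
 * In a PAM module, pam_sm_acct_mgmt() would get the name with pam_get_user()
 * and return PAM_SUCCESS or PAM_PERM_DENIED from this result. */
int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s user config\n", argv[0]);
        return 2;
    }
    int ok = login_allowed(argv[1], argv[2]);
    printf("%s: %s\n", argv[1], ok ? "allowed" : "denied");
    return ok ? 0 : 1;
}
```

Giving each subset of machines its own config file, with the admin group listed in every one, covers the per-subset and admin-everywhere cases from the question.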