
Re: LDAP Replacement for NIS



There is a "host" attribute in the objectclass account, defined
in cosine.schema.
You can put as many host attributes as you want in an account
entry, to allow users access to as many hosts as you want.
You need to configure pam_ldap to require a host attribute on
authentication.

For example:
------------
A server called "fileserver" allows only logins
for users who have a host=fileserver attribute.

To achieve this, put this line in /etc/pam_ldap.conf:

pam_filter host=fileserver

Unless you are using a new enough version of pam_ldap
which supports the pam_filter directive you should be done.



--
WfG,
Christian Mayrhuber
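
Added example, not part of the original post: two constructed account entries showing how the host attribute and the pam_filter line above interact. The base DN dc=example,dc=com, the user names, and the second host "mailserver" are placeholders, and the search filter in the comments assumes pam_ldap's default login attribute uid.

```ldif
# Constructed sample data. On "fileserver", /etc/pam_ldap.conf contains:
#   pam_filter host=fileserver
# pam_ldap ANDs that filter with the login attribute when it searches
# for the user, so a login as alice searches with:
#   (&(host=fileserver)(uid=alice))

# alice carries host=fileserver: the search finds her entry and
# authentication proceeds to the bind with her password.
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: alice
cn: Alice Example
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
host: fileserver
host: mailserver

# bob has no host=fileserver value: the same search returns no entry
# on fileserver, so pam_ldap rejects him there. A host configured with
# "pam_filter host=mailserver" would still find him.
dn: uid=bob,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
uid: bob
cn: Bob Example
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/bob
host: mailserver
```

The restriction is only as strong as the directory's access control on the host attribute: if users can write to their own entry, they can add a host value themselves, so write access to host should be limited to administrators.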