RE: Limiting Host Access
> On client host 'b' I don't want users 3, 4, or 5 to be able to login at
> all. It should behave as if they don't have an account (they can try
> logging in but will always fail regardless of the password). I sort of
> envisioned an attribute on the LDAP server like 'allowedHosts' where you
> could enter what hosts a particular user is allowed to login to. Since
> that doesn't exist, I'm not sure what to do.
> We have a fileserver that virtually everyone should be able to login to.
> We also have a webserver that very few people should be able to login to.
> How do I maintain all of the accounts in an LDAP server but only allow
> authorized users to login to the web server?
If you're running a unix shop, then you need to check out pam_ldap,
available from www.padl.com. It has the capability of restricting logins
based on two main methods: a list of hosts in a "hosts" attribute,
or the user being a member of a specific group in ldap.
IMHO hosts style works well for small networks but groups are
essential for large 100+ machine networks.
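
The two methods named in the reply above, as an added configuration sketch that is not part of the original post. It uses pam_ldap's `pam_check_host_attr`, `pam_groupdn` and `pam_member_attribute` options; the server name, base DN, user entry and group DN are constructed placeholders.

```conf
# /etc/ldap.conf on the restricted host (pam_ldap client configuration).
# Constructed example: ldap.example.com, dc=example,dc=com and the
# group name below are placeholders, not values from the thread.
uri  ldap://ldap.example.com/
base dc=example,dc=com

# Method 1: per-user host list.
# The account check compares this machine's hostname with the values of
# the "host" attribute on the user's own entry, for example:
#   dn: uid=user1,ou=People,dc=example,dc=com
#   objectClass: account
#   host: webserver.example.com
# A user whose entry has no matching value is refused on this machine,
# even with a correct password.
pam_check_host_attr yes

# Method 2: per-host group (use instead of method 1 on larger networks).
# Only users listed in this one group entry may log in here, for example:
#   dn: cn=webserver-logins,ou=Groups,dc=example,dc=com
#   objectClass: groupOfUniqueNames
#   uniqueMember: uid=user1,ou=People,dc=example,dc=com
#pam_groupdn cn=webserver-logins,ou=Groups,dc=example,dc=com
#pam_member_attribute uniqueMember

# Both checks are made in the PAM account phase, so the PAM file of each
# login service (for example /etc/pam.d/sshd) needs a line such as:
#   account required pam_ldap.so
# Without it the user authenticates and the restriction is never evaluated.
```

Each machine carries its own copy of this file, so the fileserver can leave both options unset while the webserver enables one of them.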