
RE: Limiting Host Access

> On client host 'b' I don't want users 3, 4, or 5 to be able to login at
> all.  It should behave as if they don't have an account (they can try
> logging in but will always fail regardless of the password).  I sort of
> envisioned an attribute on the LDAP server like 'allowedHosts' where you
> could enter what hosts a particular user is allowed to login to.  Since
> that doesn't exist, I'm not sure what to do.
> We have a fileserver that virtually everyone should be able to login to.
> We also have a webserver that very few people should be able to login to.
> How do I maintain all of the accounts in an LDAP server but only allow
> authorized users to login to the web server?


If you're running a Unix shop, then you need to check out pam_ldap,
available from www.padl.com. It has the capability of restricting logins
based on two main methods: a list of hosts in a "hosts" attribute,
or the user being a member of a specific group in LDAP.

IMHO hosts style works well for small networks but groups are 
essential for large 100+ machine networks.
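
The two pam_ldap methods mentioned in this reply, shown as an added configuration sketch that is not part of the original post. The option names are those of PADL's pam_ldap client configuration; the DNs, host names, group name and user are constructed placeholders.

```conf
# ---- /etc/ldap.conf on the restricted machine (e.g. the web server) ----

# Method 1: per-user host list.
# During the PAM account phase, pam_ldap compares this machine's host
# name with the values of the user's "host" attribute and denies the
# login when none of them matches.
pam_check_host_attr yes

# Method 2: group membership.
# Only entries listed in this group pass the account check here.
# (Group DN is a constructed placeholder.)
pam_groupdn cn=webserver-logins,ou=Groups,dc=example,dc=com
pam_member_attribute uniqueMember

# ---- /etc/pam.d/<service> on the same machine ----
# Both checks run in the account stack. If pam_ldap is only listed
# under "auth", the restriction is never evaluated.
#
#   account  required  pam_ldap.so

# ---- Directory side, method 1 (LDIF fragment, constructed user) ----
# The "host" attribute comes with the "account" object class.
#
#   dn: uid=user1,ou=People,dc=example,dc=com
#   objectClass: account
#   objectClass: posixAccount
#   host: fileserver.example.com
#   host: webserver.example.com

# ---- Directory side, method 2 (LDIF fragment, constructed group) ----
#
#   dn: cn=webserver-logins,ou=Groups,dc=example,dc=com
#   objectClass: groupOfUniqueNames
#   uniqueMember: uid=user1,ou=People,dc=example,dc=com
```

With method 1 every new machine means touching each permitted user's entry, while with method 2 each machine points at one group, which is why groups scale better on large networks.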