
Re: Restrict Access to Hosts

> auth     required       /lib/security/pam_ldap.so
> auth     required       /lib/security/pam_unix.so       # set_secrpc

For starters, you probably want "auth sufficient pam_ldap.so".  Required
is just that - required.  It means if pam_ldap fails, so does the login.
sufficient means if it fails, it can try another method.  But, if it
succeeds, it will stop there.

> With this configuration the access restriction to hosts listed via a "host"
> attribute in the ldap entry of the user works fine.
> But, now it is not possible for a "normal" passwd-user to log into the machine.

I'm a little confused as to what you want, but if you're also using
libnss-ldap, you may want to use netgroups (at least, that's how I've done
it).  If you're not, then, well, once a user "logs" in, they won't be able
to *do* anything, because they won't have a user account.

Geoff Silver					<geoff at uslinux dot net>
"If Bill Gates had a nickel for every time Windows crashed...
	Oh wait, he does"
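
The difference between "required" and "sufficient" described in the reply above, as an added example that is not part of the original message: a simplified Python model of how a PAM auth stack combines the two control flags. The function name, the user dictionaries and the module outcomes are constructed for illustration; only the two stack layouts come from the thread.

```python
# Simplified model of how a PAM stack combines "required" and "sufficient".
# Only these two control flags are modelled; module outcomes are constructed.

def evaluate(stack, outcomes):
    """stack: list of (control, module). outcomes: module -> True if it succeeds.
    Returns (login_granted, modules_actually_run)."""
    required_failed = False
    any_success = False
    ran = []
    for control, module in stack:
        ok = outcomes[module]
        ran.append(module)
        if control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True  # remembered; the rest of the stack still runs
        elif control == "sufficient":
            if ok and not required_failed:
                return True, ran        # success here ends the stack immediately
            # a failed "sufficient" module is ignored; the next module gets a try
        else:
            raise ValueError("control flag not modelled: " + control)
    return any_success and not required_failed, ran

# Stack quoted in the original question: both modules required.
ORIGINAL = [("required", "pam_ldap"), ("required", "pam_unix")]
# Stack suggested in the reply: pam_ldap sufficient, pam_unix required.
SUGGESTED = [("sufficient", "pam_ldap"), ("required", "pam_unix")]

# Constructed sample users.
LOCAL_USER = {"pam_ldap": False, "pam_unix": True}     # only in /etc/passwd
# pam_unix value chosen to show it is never consulted under SUGGESTED.
LDAP_USER = {"pam_ldap": True, "pam_unix": False}
BAD_PASSWORD = {"pam_ldap": False, "pam_unix": False}  # wrong password everywhere

if __name__ == "__main__":
    for name, stack in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        granted, ran = evaluate(stack, LOCAL_USER)
        print(f"{name:9} local passwd user: granted={granted} ran={ran}")
    print("suggested LDAP user:", evaluate(SUGGESTED, LDAP_USER))
    print("suggested bad password:", evaluate(SUGGESTED, BAD_PASSWORD))
```

With the suggested stack a wrong password is still rejected, because pam_unix stays required and is the last word for anyone pam_ldap did not accept.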