[Date Prev][Date Next]
Re: Restrict Access to Hosts
> auth required /lib/security/pam_ldap.so
> auth required /lib/security/pam_unix.so # set_secrpc
For starterrs, you probably want "auth sufficient pam_ldap.so". Required
is just that - required. It means if pam_ldap fails, so does the login.
sufficient means if it fails, it can try another method. But, if it
succeeds, it will stop there.
> With this configuration the access restriction to hosts listed via a "host"
> attribute in the ldap entry of the user works fine.
> But, now it is not possible for a "normal" passwd-user to log into the machine.
I'm a little confused as to what you want, but if you're also using
libnss-ldap, you may want to use netgroups (at least, that's how I've done
it). If you're not then, well once a user "logs" in, they won't be able
to *do* anything, because they won't have a user account.
Geoff Silver <geoff at uslinux dot net>
"If Bill Gates had a nickel for every time Windows crashed...
Oh wait, he does"