[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restricting login to individual hosts

If you're talking about interactive servers that your users would be
logging in to (via ssh, for example), yes, you can do what you're talking about

pam-ldap checks an attribute called 'hosts' that will indicate to pam whether
or not to allow the user to authenticate.  i am using this setup in a multiuser
environment right now.

If this isn't what you're talking about at all, then I'm sorry for stealing
your bandwidth.


On Fri, Mar 28, 2003 at 07:08:04AM +0100, Thomas Nau wrote:
> On Thu, 27 Mar 2003, jacob walcik wrote:
> >i've setup host entries for each of the servers i have that i want to
> >use my ldap directory for authentication: server1, server2, and server3
> >
> >i've added a dozen or so users to my ldap directory: user1 - user12
> >
> >now, i want to be able to restrict users logins so that user1 can only
> >log into server1 and server2, but can't log into server3
> >
> >is this possible?
> One way to do so ist to use netgroups. Just create a netgroup holding the
> users for a certain box. The only difference is that you cannot use
> passwd: ldap
> in nsswitch.conf anymore but must use
> passwd: compat
> passwd_compat: ldap
> Works for Solaris and most likely for Linux
> Hope this helps,
> Thomas
> -----------------------------------------------------------------
> PGP fingerprint: B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED
> Phone:           +49 731 50 22464
> FAX:             +49 731 50 22471

Attachment: pgpoFNLdgf5nG.pgp
Description: PGP signature