[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restrict host login based on group

If you are using ssh and pam can be done like this:

# tail /etc/ssh/sshd_config

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

# Restringir acesso ao grupo local 'suporte' e a grupos LDAP
AllowGroups suporte "SSH UDSL"

where "SSH UDSL" is a Group in LDAP, and "suporte" is a local group.

2009/12/3 Serge Fonville <serge.fonville@gmail.com>:
> Hi,
> While setting up an LDAP server. I noticed that it is not possible to
> add a host attribute to a posixGroup.
> Is there a way to limit a user what host they can logon to based on
> their group membership?
> Thanks in advance
> Regards,
> Serge Fonville
> --
> http://www.sergefonville.nl
> Convince Google!!
> They need to support Adsense over SSL
> https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
> http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en