
Re: Basic ACL question...I think.

On Fri, Apr 16, 2010 at 12:58:21PM -0400, Ken Kleiner wrote:

> Hi,  Thanks for the reply.  I found that the pam ldap module does help, like using pam_groupdn to point to a group that contains (in memberuid) the people that I want to have access.  The problem with that is that
> the nss library still sees the entries as valid uids, which I don't want.  Is there a similar module config I could use for libnss?

Very unlikely. What you are trying to do seems to muddle the concepts of
authentication and authorisation so it may not be straightforward.

> What defines the entries is just a group that I put them into, i.e. I create a group called emailusers and create a memberuid entry in that group for each user that I want to be visible.

In that case you should be able to write ACLs that make members of
particular groups visible to the machines that need to know about them.

|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
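
One way to write such ACLs in slapd.conf, as an added example that is not part of the original message. It assumes the mail machine binds with its own DN (cn=mailhost,ou=Hosts,dc=example,dc=com), that accounts live under ou=People and the group is cn=emailusers,ou=Group; all of these names are constructed for illustration.

```conf
# Added example; every DN below is an assumption, not taken from the thread.
# Place these rules before any broader "access to *" rule: slapd stops at
# the first <what> clause that matches the entry and attribute.

# The host must be able to use ou=People as a search base.
access to dn.base="ou=People,dc=example,dc=com" attrs=entry,objectClass,ou
    by dn.exact="cn=mailhost,ou=Hosts,dc=example,dc=com" read
    by * break

# Account entries: the mail host sees an entry only when the entry's uid is
# listed as a memberUid value of the emailusers group. The set is non-empty
# (access granted) when the intersection of the two value lists is non-empty.
# Attributes not listed here (e.g. userPassword) are decided by later rules.
access to dn.children="ou=People,dc=example,dc=com"
        attrs=entry,objectClass,uid,cn,uidNumber,gidNumber,homeDirectory,loginShell
    by dn.exact="cn=mailhost,ou=Hosts,dc=example,dc=com"
       set="[cn=emailusers,ou=Group,dc=example,dc=com]/memberUid & this/uid" read
    # Same host, entry not in the group: hide it completely.
    by dn.exact="cn=mailhost,ou=Hosts,dc=example,dc=com" none
    # Everyone else is unaffected and falls through to the rules that follow.
    by * break
```

With the NSS library on that machine configured to bind as the host DN, lookups for accounts outside the group return nothing, so filtering happens on the server rather than in libnss.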