[Date Prev][Date Next]
Re: Attributes for filtering OS logins
Anton Chu wrote:
> I have a scenario where I want to setup two LDAP groups where one group
> can access a file on the server while the other one cannot after they
> login. Can some PAM tweaks make this happen if not on the ldap side?
Yes. See the man page for pam_ldap:
Specifies the distinguished name of a group to which a
user must belong for logon authorization to succeed.
pam_member_attribute <attribute> Specifies the attribute to use when
testing a user’s membership of a group specified in the pam_groupdn option.