[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: What will happen if a user is a member of a group, but has another group as its primary group

(CCing the list)

On 08/03/12 11:31 +0800, Qian Zhang wrote:
I am just wondering if there is a well-known rule for this use case,
I'd like to follow the general acceptable way. So most of people think
user1 should not log into the machine in this case, I will ingore
gidNumber and only care about memberUid attribute.

Personally, I prefer to place authorization attributes within the user's dn,
rather than to maintain groups for the same purpose, but I have done it
both ways in the past.

Using 'nssov-pam userhost [...]' would be a good way to do that.

Dan White