Re: Namespace layout [was: pam_ldap questions]



On Thu, 7 Sep 2000 09:29:00 +0200, Nyers, Gabor wrote:

>This way if a user needs access to a machine just add his/her name to the
>machine group.
>
>How do the ldap.wizards :-) this?

I use PAM and the pam_listfile module for this purpose.

auth       required     /lib/security/pam_listfile.so item=group sense=allow \
	file=/etc/mygroup onerr=fail
auth       required     /lib/security/pam_ldap.so
account    required     /lib/security/pam_ldap.so

where /etc/mygroup contains just the name of a valid unix group (which can be 
defined in LDAP). Accounts not listed in the group are denied.

Karel Zajicek (karel.zajicek@ecn.cz)
Econnect, Ceskomalinska 23, 160 00 Praha 6, Czech Republic
Tel.: +420-2-24311780, Fax: +420-2-24317892, http://www.ecn.cz
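
An added example, not part of the original message: a small audit helper for the setup described above. It checks the file named by file= and models which accounts item=group sense=allow would admit. The function names and sample data are constructed for illustration, and counting primary-group membership is an assumption of this model.

```python
import os
import stat

def listfile_problems(path):
    """Reasons the file named by file= should not be trusted as an allow-list."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat (%s)" % exc.strerror]  # with onerr=fail nobody gets in
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    if st.st_uid != 0:
        problems.append("not owned by root")
    return problems

def admitted(listfile_text, groups, primary_gid):
    """Model of item=group sense=allow.

    groups: {name: (gid, [member, ...])}; primary_gid: {user: gid}.
    Returns (users admitted, listed group names that do not resolve).
    """
    users, unresolved = set(), []
    for name in listfile_text.splitlines():
        if not name:
            continue
        # Names are compared exactly, so a typo or stray whitespace lands here.
        if name not in groups:
            unresolved.append(name)  # admits nobody: fails closed, may lock users out
            continue
        gid, members = groups[name]
        users.update(members)
        # Assumption: users whose primary group is the listed group also count.
        users.update(u for u, g in primary_gid.items() if g == gid)
    return users, unresolved

def nss_snapshot():
    """Group and passwd data as this host resolves it (files, LDAP, ...)."""
    import grp
    import pwd
    groups = {g.gr_name: (g.gr_gid, list(g.gr_mem)) for g in grp.getgrall()}
    return groups, {p.pw_name: p.pw_gid for p in pwd.getpwall()}

# Constructed sample data, standing in for what the directory would serve.
SAMPLE_GROUPS = {"webhost1": (5001, ["alice", "bob"]), "staff": (100, ["carol"])}
SAMPLE_PRIMARY = {"alice": 100, "bob": 100, "carol": 100, "dave": 5001}
```

On a real host, pass the result of nss_snapshot() and the contents of /etc/mygroup to admitted(); if the directory server has enumeration disabled, getgrall() will not list the LDAP groups.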