RE: Namespace layout [was: pam_ldap questions]
> I use PAM and pam_listfile module for this purpose.
> auth required /lib/security/pam_listfile.so item=group sense=allow \
> file=/etc/mygroup onerr=fail
> auth required /lib/security/pam_ldap.so
> account required /lib/security/pam_ldap.so
> where /etc/mygroup contains just the name of a valid unix group (which can be
> defined in LDAP). Accounts not listed in the group are denied.
[<GNy>] Close, but not quite enough...
This way you still need a locally managed /etc/mygroup file.
Which is fine for a couple of servers, but a pain in the neck in a bigger
environment (we have here ca. 40 servers and rising :-).
I know we have "rsync" to do the job, but I would prefer solving the problem
without mixing up different technologies.
Any other suggestions?
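
The pam_listfile rule quoted above, modelled as an added example (not part of the original thread and not the module's own code). It is a simplified model of `item=group sense=allow onerr=fail`; the function name, the users, their groups and the temporary list file are all constructed for illustration.

```python
import os
import tempfile

PAM_SUCCESS = "PAM_SUCCESS"
PAM_AUTH_ERR = "PAM_AUTH_ERR"
PAM_SERVICE_ERR = "PAM_SERVICE_ERR"


def listfile_group_check(user, user_groups, path, sense="allow", onerr="fail"):
    """Simplified model of: pam_listfile.so item=group sense=... file=... onerr=...

    user_groups maps user -> set of group names; it stands in for the
    NSS lookup (local files or LDAP) that the real module performs.
    """
    on_error = PAM_SERVICE_ERR if onerr == "fail" else PAM_SUCCESS
    try:
        with open(path, encoding="utf-8") as fh:
            listed = {line.strip() for line in fh if line.strip()}
    except OSError:
        return on_error  # list file missing or unreadable: onerr decides
    member = bool(listed & user_groups.get(user, set()))
    if sense == "allow":
        return PAM_SUCCESS if member else PAM_AUTH_ERR
    return PAM_AUTH_ERR if member else PAM_SUCCESS


def demo():
    # Constructed sample data: group membership as it might come back from LDAP.
    groups = {"alice": {"staff", "webadmins"}, "bob": {"staff"}}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mygroup")  # stands in for /etc/mygroup
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("webadmins\n")
        results = {u: listfile_group_check(u, groups, path)
                   for u in ("alice", "bob", "carol")}
        # A server where the local file was never distributed.
        results["missing-file"] = listfile_group_check(
            "alice", groups, os.path.join(d, "absent"))
    return results


if __name__ == "__main__":
    # The rule is "required", so any result other than PAM_SUCCESS fails the stack.
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With `onerr=fail`, a server that never received the list file denies every login instead of admitting everyone, so drift in the locally managed file shows up as a lockout rather than as silent open access.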