[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Linux authentication/authorization against OpenLDAP

To: David LaPorte <dave@laportestyle.org>
Subject: Re: Linux authentication/authorization against OpenLDAP
From: Jan-Piet Mens <jpm@Retail-SC.com>
Date: Sun, 21 Jul 2002 12:43:22 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <000001c23015$b1713cb0$f6f4dc40@Apache>

pam_ldap can use the `host' attribute to contain FQDN of machines onto
which you can log on. Would that help ? Alternatively, you could use the
search bases of nss_ldap (/etc/ldap.conf) to limit access to a group containing
a specific attribute (i.e. if the attribute doesn't have a certain value,
NSS won't "see" the user)
	-JP


On Sat, 20 Jul 2002, David LaPorte wrote:

> I've configured several linux systems to authenticate against OpenLDAP,
> but I was wondering if a finer degree of authorization is possible.  For
> instance, I'd like to assign our administrators to several groups
> ("security", "admins", "network", etc) and grant access to some machines
> only to certain groups.  I understand this can be done at the
> application layer (the ssh.com SSH daemon we use includes some logic to
> limit access by group), but I'd like this to be transparent to the
> applications, since we use other remote access methods that also tie
> into PAM.
>
> Does this functionality exist, or I am going about this the entirely
> wrong way?
>
> Thanks!
> Dave LaPorte
>
> --
> David LaPorte
> dave@laportestyle.org
>
>

References:
- Linux authentication/authorization against OpenLDAP
  - From: "David LaPorte" <dave@laportestyle.org>

Prev by Date: Re: Linux authentication/authorization against OpenLDAP
Next by Date: qmail and Ldap
Index(es):
- Chronological
- Thread