[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Authentication Methods i.e. Host to Users, User to Hosts, Netgroups
- To: openldap-software@OpenLDAP.org
- Subject: Authentication Methods i.e. Host to Users, User to Hosts, Netgroups
- From: "Aaron M. Hirsch" <ahirsch@slb.com>
- Date: Wed, 14 Jan 2004 11:42:25 -0600
- Organization: Schlumberger
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I now have my OpenLDAP 2.1.22 install working well and am able to
restrict which users are able to log into which machines. I've used
the pam_check_host_attr yes to accomplish this. I know that I could
have also used pam_groupdn with pam_member_attribute, but that would
me modifying every host when a new user is added. I was trying to use
netgroups for control purposes, but it appears that they can only be
composed of hostnames or other netgroups. (which of course must have
hostnames or other netgroups). i.e. (myhost.sample.com,-,-).
So my question is, does anyone know when/if there will be an attribute
similar to pam_check_host_attr that will allow me to group hosts
together. i.e. instead of having an ldif with:
host: host1.sample.com
host: host2.sample.com
...
So instead, a "host group" would be created and access to the group is
controlled. i.e.
group: site1hosts
group: site4hosts
Where site1hosts would have:
host1.sample.com
host2.sample.com
and site4hosts would have:
host1.inside.sample.com
host2.inside.sample.com
Basically I'd like to control at the user level what "group of hosts"
they have access to. Yes I can enter every host manually, it'll be a
pain initially, but I just want to be sure I haven't missed somthing
obvious. Make sense?
TIA!
- --
Aaron M. Hirsch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFABX+AgBD+XyMGAPwRAtFyAJ0Tpjf8h8LR9mY0WtUo+H0Vr8euoQCfcQ3O
ofu/+iLgLHDe/KZVK0MEZ7o=
=JVXy
-----END PGP SIGNATURE-----