
Host based authentication using OpenLDAP

Hello, I've been working on implementing an LDAP solution for the last 8
months (in-between tasks, you know how it is :D )

I now have a working LDAP directory, have all my users imported, things
actually work! :D..(jinx!)

But now I wanna get fancy..

I've been googling for some sort of clear description on how I can set
up a system using groups of hosts and user groups to create a selective
ACL for ssh'ing to a set of servers based on group membership.

One of my primary goals is to have it work as much "out of the box" as
possible for RHEL4 and 5 (and CentOS).

That means I want to avoid having to make changes to hosts (I have
around 60-80 Linux servers today that I want over on LDAP).
So I try to avoid the solutions involving /etc/security/*

I have it working with the ldapns schema with no changes to PAM.

But this means I have to enter the specific host into each user record.

But I'm a contrary and difficult guy, and love making problems for
myself, so I want to assign groups of users to groups of servers.

Oh..and SSH keys :D..but that is for when life looks sunny and I need to
be reminded that the world is a bad place.

Is there anyone that can point me towards resources that are written on
this? I already have a list of links I've been reading, and am adding
those here in case other people want to look at them:


Thanks for taking the time to read this :)