
BLU Discuss list archive



[Discuss] Moving servers from NIS to LDAP



On 7/10/2012 2:53 PM, Jerry Feldman wrote:
> I don't know LDAP that well so I am looking for an LDAP solution that
> will permit certain users to use certain systems.

I use PAM.

The way I do it is to create an LDAP group for each role.  Each limited 
access node gets a file /etc/login.groups with root, wheel and the 
permitted roles.  I use the pam_listfile module to compare group 
memberships of attempted logins with the login.groups file.

A variant is to create an LDAP group corresponding to each node name. 
Add users who require access to a node to the associated group.  Use a 
PAM module to check group membership against the local host name and 
reject logins that don't match.

Substitute your directory of choice for LDAP.  Anything that lets you 
manage group memberships will work.

-- 
Rich P.
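The two checks described in the reply above, emulated as a shell script so the semantics can be tried offline (an added example, not code from the post or from the pam_listfile module). The `login_allowed` and `host_login_allowed` functions, the `role-*`/`host-*` group names and the sample login.groups contents are all assumptions; the PAM line quoted in the comment uses real pam_listfile options.

```shell
# Emulation of the pam_listfile check from the post (constructed example).
# The PAM line it mirrors, for e.g. /etc/pam.d/sshd, would be:
#   account required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.groups
# login_allowed: 0 if any of the user's groups (as `id -nG "$user"` prints
# them) appears as a whole line in the groups file; an unreadable file
# fails closed, matching onerr=fail.
login_allowed() {
  groups_file=$1
  user_groups=$2          # space-separated group names, deliberately unquoted below
  [ -r "$groups_file" ] || return 1
  for g in $user_groups; do
    # -x whole line, -F literal (no regex surprises from group names)
    if grep -qxF -- "$g" "$groups_file"; then
      return 0
    fi
  done
  return 1
}

# Variant from the post: one group per node, here assumed to be named
# host-<short hostname>. Allowed only if the user is in this host's group.
host_login_allowed() {
  short_host=$1           # e.g. "$(hostname -s)"
  user_groups=$2
  for g in $user_groups; do
    [ "$g" = "host-$short_host" ] && return 0
  done
  return 1
}

# Constructed sample /etc/login.groups for a limited-access node
sample_groups_file=$(mktemp)
printf '%s\n' root wheel role-web role-ops > "$sample_groups_file"

demo() {
  login_allowed "$sample_groups_file" "alice role-web users" && echo "alice: allowed"
  login_allowed "$sample_groups_file" "bob role-db users" || echo "bob: denied"
  login_allowed /nonexistent/login.groups "root wheel" || echo "missing file: denied (fail closed)"
  host_login_allowed webfront "carol host-webfront users" && echo "carol on webfront: allowed"
}
```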




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org