Re: ACL



At 10:25 PM 1/2/01 -0600, Craig Hancock wrote:
>If you have a machine that authenticates many machines via ldap is there a way
>to only allow certain users to access certain machines?

Assuming each machine uses a different LDAP authentication
identity, one could establish ACLs to govern which "account"
entries were visible to the machine.  Some servers, including
OpenLDAP's, support data dependent ACLs (such as use of a
filter).  Or, alternatively, you could just alter the filter
the machine authentication client uses to match "account"
entries.  In either case, you need to have some attribute
value assertion which can be used to distinguish
which users can access a particular machine.

Kurt
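
The data-dependent ACL approach described above, as an added example that is not part of the original message: a slapd.conf fragment in current OpenLDAP slapd.access(5) syntax. The DNs, the host names, the use of the `host` attribute as the distinguishing value, and `ou=People` as the client search base are all assumptions made for illustration.

```conf
# slapd.conf fragment (constructed example; every DN and host name is a placeholder)
# Assumptions: user entries live under ou=People and carry a "host" value
# for each machine they may use; each machine binds as its own entry
# under ou=Hosts and searches with base ou=People.

# 1. Credentials can be used to bind but are never readable by machines.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. Data-dependent rules: an account entry is visible to a machine
#    identity only when its host attribute names that machine.
#    "break" passes every other identity on to the next access clause.
access to dn.children="ou=People,dc=example,dc=com" filter=(host=web01.example.com)
    by dn.exact="cn=web01,ou=Hosts,dc=example,dc=com" read
    by * break

access to dn.children="ou=People,dc=example,dc=com" filter=(host=db01.example.com)
    by dn.exact="cn=db01,ou=Hosts,dc=example,dc=com" read
    by * break

# 3. The search base entry must be searchable by the machine identities.
access to dn.base="ou=People,dc=example,dc=com"
    by dn.children="ou=Hosts,dc=example,dc=com" search
    by * none

# 4. Everything not granted above: owners read their own entry, binds
#    are permitted, and nothing else is disclosed.
access to *
    by self read
    by anonymous auth
    by * none
```

With these rules the server hides non-matching accounts from a machine whatever filter its client sends, whereas the client-filter alternative depends on each machine's own configuration being left intact.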