[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Limiting Host Access



Could you be more explicit? Depends on what you need to protect exactly. If it's only applications (like the access to your web server, or mail server), this has to be done with acl defined for users and group on the ldap server, and the ability of servers like apache, postfix etc. to authenticate against a LDAP database. Same thing for pam_ldap & nss_ldap (for centralized password management)
If you really want to protect some of your server of any access, you can use netfilter (shipped with linux kernel 2.4) or ipchains (kernel 2.2). (perhaps this a bit definitive!). I'm sure there are a lot of other solutions, but once again it depends of your exact needs.

Patrice

On Fri, 12 Apr 2002 10:55:12 -0400 (EDT)
Dan Parker <drpLO@helios.hampshire.edu> wrote:

> Hi,
> 
> I have an OpenLDAP 2.0.23 server performing authentication.  I'd like
> several hosts to be able to authenticate to it (for centralized
> password management) but I don't necessarily want all users to be able
> to access all hosts.
> 
> For example:
> 
> Client hosts: a, b
> Server: s
> Users 1 2 3 4 5
> 
> 
> Accounts for all users are stored in server s.
> 
> I'd like host 'a' to allow all users to login.
> 
> I'd like host 'b' to only allow users 1 and 2 to login.
> 
> 
> Where can I set this kind of control?  I've looked in a number of
> places for an answer with no luck, making me wonder if the solution is
> embarassingly simple.  Oh, well.  Any help is greatly appreciated.
> 
> Dan Parker
> Sr. Systems Administrator		
> Hampshire College
> Amherst, MA
> 
> 

Attachment: pgpNSt2utyI49.pgp
Description: PGP signature