[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Limiting Host Access

To: "Dan Parker" <drpLO@helios.hampshire.edu>, <openldap-software@OpenLDAP.org>
Subject: RE: Limiting Host Access
From: "Michael Cunningham" <m.cunningham@xpedite.com>
Date: Fri, 12 Apr 2002 11:35:50 -0400
Importance: Normal
In-reply-to: <Pine.GSO.3.96.1020412111434.5125F-100000@helios.hampshire.edu>

> On client host 'b' I don't want users 3, 4, or 5 to be able to login at
> all.  It should behave as if they don't have an account (they can try
> logging in but will always fail regardless of the password).  I sort of
> envisioned an attribute on the LDAP server like 'allowedHosts' where you
> could enter what hosts a particular user is allowed to login to.  Since
> that doesn't exist, I'm not sure what to do.
> 
> We have a fileserver that vritually everyone should be able to login to.
> We also have a webserver that very few people should be able to login to.
> How do I maintain all of the accounts in an LDAP server but only allow
> authorized users to login to the web server?

Dan,

If your running a unix shop, then you need to check out pam_ldap 
avaliable from www.padl.com It has the capablity of restricting logins
based on two main methods, a list of hosts in a "hosts" attribute,
or the user being a member of a specific group in ldap.

IMHO hosts style works well for small networks but groups are 
essential for large 100+ machine networks. 

Thanks... 
Mike

Follow-Ups:
- RE: Limiting Host Access
  - From: Dan Parker <drpLO@helios.hampshire.edu>

References:
- Re: Limiting Host Access
  - From: Dan Parker <drpLO@helios.hampshire.edu>

Prev by Date: Re: Limiting Host Access
Next by Date: Re: Limiting Host Access
Index(es):
- Chronological
- Thread