[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Restricting Logon permission



As far as I know, the easiest way to do this is to set up your ldap server, make each box a client, and then create a group with only the people allowed to access the servers in it. Then modify your pam configs to only allow login access to that group. Hope this helps...


-----Original Message-----
From:	Daniel Davidson [mailto:danield@life.uiuc.edu]
Sent:	Wed 3/5/2003 1:46 PM
To:	Wade Winright; OpenLDAP-Software@OpenLDAP.org
Cc:	
Subject:	Re: Restricting Logon permission
Yes, I can use PAM, that is how we are going to be authenticating on the 
machines.  But how would you have pam restrict this?

thanks,

Dan

On Wednesday 05 March 2003 03:26 pm, Wade Winright wrote:
> Can you utilize pam? If you are using Linux or Solaris, I believe this
> would be the best way to implement this...
>
>
> -----Original Message-----
> From:	Daniel Davidson [mailto:danield@life.uiuc.edu]
> Sent:	Wed 3/5/2003 1:04 PM
> To:	OpenLDAP-Software@OpenLDAP.org
> Cc:
> Subject:	Restricting Logon permission
> We are working on trying unifying our password database via openldap, and I
> am looking for a way to restrict logon rights, so only certain people can
> log onto some servers.  For example I do not want everyone to be able to
> log onto a machine we use for testing applications before we make them
> public, but it would be nice if we could use ldap for authentication.
>
> thanks for any help,
>
> Dan