[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restricting login to individual hosts

To: jacob walcik <jwalcik@mail.utexas.edu>
Subject: Re: restricting login to individual hosts
From: Thomas Nau <thomas.nau@rz.uni-ulm.de>
Date: Fri, 28 Mar 2003 07:08:04 +0100 (MET)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <F42EE956-6096-11D7-B631-000393914A3A@mail.utexas.edu>
References: <F42EE956-6096-11D7-B631-000393914A3A@mail.utexas.edu>

On Thu, 27 Mar 2003, jacob walcik wrote:

>i've setup host entries for each of the servers i have that i want to
>use my ldap directory for authentication: server1, server2, and server3
>
>i've added a dozen or so users to my ldap directory: user1 - user12
>
>now, i want to be able to restrict users logins so that user1 can only
>log into server1 and server2, but can't log into server3
>
>is this possible?

One way to do so ist to use netgroups. Just create a netgroup holding the
users for a certain box. The only difference is that you cannot use

passwd: ldap

in nsswitch.conf anymore but must use

passwd: compat
passwd_compat: ldap

Works for Solaris and most likely for Linux

Hope this helps,
Thomas

-----------------------------------------------------------------
PGP fingerprint: B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED
Phone:           +49 731 50 22464
FAX:             +49 731 50 22471

Follow-Ups:
- Re: restricting login to individual hosts
  - From: "Benjamin A. Collins" <bencollins@tamu.edu>

References:
- restricting login to individual hosts
  - From: jacob walcik <jwalcik@mail.utexas.edu>

Prev by Date: RE: getting CRL from Active Directory using ldapsearch
Next by Date: Re: restricting login to individual hosts
Index(es):
- Chronological
- Thread