
Re: Authentication Methods i.e. Host to Users, User to Hosts, Netgroups



Netgroups or the groupdn feature is all I'm really aware of... but you
should ask over on the pamldap@padl.com mailing list for other ideas,
where this topic is more appropriate.
-Alan

Aaron M. Hirsch said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I now have my OpenLDAP 2.1.22 install working well and am able to
> restrict which users are able to log into which machines.  I've used the
> pam_check_host_attr yes to accomplish this.  I know that I could have
> also used pam_groupdn with pam_member_attribute, but that would mean
> modifying every host when a new user is added.  I was trying to use
> netgroups for control purposes, but it appears that they can only be
> composed of hostnames or other netgroups. (which of course must have
> hostnames or other netgroups).  i.e. (myhost.sample.com,-,-).
>
> So my question is, does anyone know when/if there will be an attribute
> similar to pam_check_host_attr that will allow me to group hosts
> together.  i.e. instead of having an ldif with:
> host: host1.sample.com
> host: host2.sample.com
> ...
> So instead, a "host group" would be created and access to the group is
> controlled. i.e.
> group: site1hosts
> group: site4hosts
> Where site1hosts would have:
> host1.sample.com
> host2.sample.com
> and site4hosts would have:
> host1.inside.sample.com
> host2.inside.sample.com
>
> Basically I'd like to control at the user level what "group of hosts"
> they have access to.  Yes I can enter every host manually, it'll be a
> pain initially, but I just want to be sure I haven't missed something
> obvious.  Make sense?
>
> TIA!
>
> - --
> Aaron M. Hirsch
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFABX+AgBD+XyMGAPwRAtFyAJ0Tpjf8h8LR9mY0WtUo+H0Vr8euoQCfcQ3O
> ofu/+iLgLHDe/KZVK0MEZ7o=
> =JVXy
> -----END PGP SIGNATURE-----


===========
Alan Sparks, UNIX/Linux Systems Administrator    <asparks@doublesparks.net>
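
Added example, not part of either message in this thread: one way to get the "host group" behaviour while still using pam_check_host_attr is to keep the groups in one maintained place and generate each user's host values from them. The Python below emits LDIF modify records suitable for ldapmodify; the user DNs and the user-to-group mapping are constructed sample data, and it assumes the user entries already permit the host attribute.

```python
# Added example: expand "host groups" into per-user `host` values, the
# attribute pam_ldap checks when pam_check_host_attr is set to yes.
# All group names, hostnames and DNs here are constructed sample data.

HOST_GROUPS = {
    "site1hosts": ["host1.sample.com", "host2.sample.com"],
    "site4hosts": ["host1.inside.sample.com", "host2.inside.sample.com"],
}

# Hypothetical mapping of user DN -> host groups the user may log in to.
USER_ACCESS = {
    "uid=alice,ou=People,dc=sample,dc=com": ["site1hosts"],
    "uid=bob,ou=People,dc=sample,dc=com": ["site1hosts", "site4hosts"],
}


def expand_hosts(group_names, host_groups):
    """Return the sorted, de-duplicated hosts for the named groups.

    An unknown group raises KeyError so that a typo in a group name is
    caught before any LDIF is written, instead of silently changing access.
    """
    hosts = set()
    for name in group_names:
        if name not in host_groups:
            raise KeyError(f"unknown host group: {name}")
        hosts.update(host_groups[name])
    return sorted(hosts)


def build_ldif(user_access, host_groups):
    """Build LDIF modify records that replace each user's `host` values."""
    records = []
    for dn in sorted(user_access):
        hosts = expand_hosts(user_access[dn], host_groups)
        lines = [f"dn: {dn}", "changetype: modify", "replace: host"]
        lines += [f"host: {h}" for h in hosts]
        lines.append("-")
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(build_ldif(USER_ACCESS, HOST_GROUPS), end="")
```

Adding a host to a group then means editing one list and re-running the generator, rather than touching every user entry by hand.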