[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restrict host login based on group

To: Serge Fonville <serge.fonville@gmail.com>
Subject: Re: restrict host login based on group
From: Jarbas Peixoto Júnior <jarbas.junior@gmail.com>
Date: Thu, 3 Dec 2009 10:48:35 -0300
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=sQm/1GQ3iHmqirRdplsnqRez7Jf2uTA5sKUXsnsIi0o=; b=OVvJhIPcBT0YleVIdRvrdk9Z8XKwhM1F1/HC1ApUoxY/TpFoEgGEWeawaT3NF7Jb1E Xl75eto8dgdGKjmrh+PLKlbJD1X/XauyyNWkn/YKd79lekm9Bliwcs8kdsIEwDFXcDX5 +ldXhDA93CEjPOCIofkw00Wx/8+wn2hAhN8YU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=uMRyGu2c9HYSnDvUDSP/OuWpPktyztbPxlrUa2KJM6rdFBh+nzE0B2r3ImmLuTxroZ xsqFj0Bszkk1trEQLwIkSXxVoRPvfCyrCBPbBvcoqvy0P5i/PrCLx4+z+p0qYzjJa772 4Escag1eKcB8lV7pyv3Jqo6cZP9wCrfZorukE=
In-reply-to: <680cbe0e0912030306ma6de99eh45be3181a9555ada@mail.gmail.com>
References: <680cbe0e0912030306ma6de99eh45be3181a9555ada@mail.gmail.com>

If you are using ssh and pam can be done like this:

# tail /etc/ssh/sshd_config

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

# Restringir acesso ao grupo local 'suporte' e a grupos LDAP
AllowGroups suporte "SSH UDSL"

where "SSH UDSL" is a Group in LDAP, and "suporte" is a local group.

2009/12/3 Serge Fonville <serge.fonville@gmail.com>:
> Hi,
>
> While setting up an LDAP server. I noticed that it is not possible to
> add a host attribute to a posixGroup.
>
> Is there a way to limit a user what host they can logon to based on
> their group membership?
>
> Thanks in advance
>
> Regards,
>
> Serge Fonville
>
> --
> http://www.sergefonville.nl
>
> Convince Google!!
> They need to support Adsense over SSL
> https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
> http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en
>

Follow-Ups:
- Re: restrict host login based on group
  - From: Adam Hough <adam@gradientzero.com>

References:
- restrict host login based on group
  - From: Serge Fonville <serge.fonville@gmail.com>

Prev by Date: Re: How to Clone / move an OpenLDAP instance?
Next by Date: Re: bootstrapping mirrormode
Index(es):
- Chronological
- Thread