[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restrict host login based on group



Or you can create your own Aux. object class that includes the host
attribute then you just have to modify the ldap.conf for the machine to
restrict user authentication.

- Adam

On Thu, 2009-12-03 at 10:48 -0300, Jarbas Peixoto Júnior wrote: 
> If you are using ssh and pam can be done like this:
> 
> # tail /etc/ssh/sshd_config
> 
> # Allow client to pass locale environment variables
> AcceptEnv LANG LC_*
> 
> Subsystem sftp /usr/lib/openssh/sftp-server
> 
> UsePAM yes
> 
> # Restringir acesso ao grupo local 'suporte' e a grupos LDAP
> AllowGroups suporte "SSH UDSL"
> 
> where "SSH UDSL" is a Group in LDAP, and "suporte" is a local group.
> 
> 2009/12/3 Serge Fonville <serge.fonville@gmail.com>:
> > Hi,
> >
> > While setting up an LDAP server. I noticed that it is not possible to
> > add a host attribute to a posixGroup.
> >
> > Is there a way to limit a user what host they can logon to based on
> > their group membership?
> >
> > Thanks in advance
> >
> > Regards,
> >
> > Serge Fonville
> >
> > --
> > http://www.sergefonville.nl
> >
> > Convince Google!!
> > They need to support Adsense over SSL
> > https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528
> > http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en
> >