centralized (but restricted for some hosts) auth
IEM - Network Operation Center
noc at iem.at
Mon Jan 17 10:01:28 UTC 2005
Tyler R. Retzlaff wrote:
> I'm using pam_ldap to provide centralized auth to hosts in my network. But a
> need to restrict certain users from certain hosts has arisen. Can this be
> done while still maintaining the centralized user accounts? Can anyone point
> me in the right direction.
there is a "host" field in the "account"-schema which allows you to give a
list of hosts that a user is allowed to authenticate on.
however, i remember that it didn't really work: i got a warning message
that the user is not allowed to log into the host and then they get a
prompt ;-)
i think(!) that this was because pam_ldap uses the host-field, but
pam_unix (which calls ldap by nss) ignores it; but if you disable
pam_unix for your service (probably a bad idea for "login") it might
well work.
mfg.a.sdr
IOhannes
--
IEM - network operation center
mailto:noc at iem.at
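
The "warning, then a prompt anyway" behaviour described above is what a PAM account stack produces when the pam_ldap denial is not binding. The following is an added example, not part of the original post or of pam_ldap: it models the four classic control flags (bracketed [value=action] controls are not supported) and assumes pam_unix.so accepts the user while pam_ldap.so denies on the host check. The sample stacks are constructed.

```python
# Added example: models the classic PAM control flags for the "account" phase.
OK, FAIL = "ok", "fail"

def parse_stack(text, phase="account"):
    """Return [(control, module)] for one phase of a pam.d service file."""
    stack = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == phase:
            if parts[1] not in ("required", "requisite", "sufficient", "optional"):
                raise ValueError("unsupported control: " + parts[1])
            stack.append((parts[1], parts[2]))
    return stack

def evaluate(stack, results):
    """Run the stack; results maps module name -> OK or FAIL (default OK)."""
    failed = passed = False
    for control, module in stack:
        res = results.get(module, OK)
        if control == "requisite" and res == FAIL:
            return FAIL                      # fail and stop immediately
        if control == "sufficient":
            if res == OK and not failed:
                return OK                    # success ends the stack here
            continue                         # a sufficient failure is ignored
        if control == "optional":
            continue                         # only matters if it is the sole module
        if res == FAIL:
            failed = True                    # required: remember, keep going
        else:
            passed = True
    return OK if passed and not failed else FAIL

def host_denial_enforced(pam_text):
    """True if a pam_ldap host denial makes the whole account phase fail."""
    # Assumption: pam_unix.so accepts the user (resolved via NSS, no host check).
    outcome = {"pam_ldap.so": FAIL, "pam_unix.so": OK}
    return evaluate(parse_stack(pam_text), outcome) == FAIL

# Constructed sample stacks, not taken from the thread.
LDAP_SUFFICIENT = "account sufficient pam_ldap.so\naccount required pam_unix.so\n"
UNIX_SUFFICIENT = "account sufficient pam_unix.so\naccount required pam_ldap.so\n"
BOTH_REQUIRED = "account required pam_unix.so\naccount required pam_ldap.so\n"

if __name__ == "__main__":
    for name in ("LDAP_SUFFICIENT", "UNIX_SUFFICIENT", "BOTH_REQUIRED"):
        print(name, "denial enforced:", host_denial_enforced(globals()[name]))
```

With both modules required, accounts that exist only locally also have to pass pam_ldap, so check that case before using such a stack.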