Re: Server authentication

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJorge Delacruz at <-
MJorge Delacruz at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Jeremy C. Reed
Date:  
To: Main PLUG discussion list
Subject: Re: Server authentication
On Thu, 11 Oct 2007, Jorge Delacruz wrote:

> Anyone ever hear of such a module or means that will reject logins if
> a user is not in the right group? The users are authenticated against
> LDAP, not local files. This is an access control (authorization) issue,
> not an authentication issue.

If you are using ssh server for logins, have a look at OpenSSH's
DenyGroups and AllowGroups configurations. OpenSSH uses getpwnam(3) to get
the details for the user to-be logged in.

So use nsswitch to use ldap for group (and other databases). Also setup
PAM to use pam_ldap.so also.

Jeremy C. Reed
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Sorry about the HTMLRe: qmail WAS How difficult is it to run your own email server?->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)