Re: Server authentication

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MRudolfo Munguia at <-
MJorge Delacruz at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Jorge Delacruz
Date:  
To: Main PLUG discussion list
Subject: Re: Server authentication
Yes, that is the plan - LDAP will manage user ID's and
groups. The trick is to prevent the user from logging
in based on their group association.

JD

--- Rudolfo Munguia <> wrote:

> Just off of the top of my head,
>
> Shouldn't you be able to add an attribute to your
> server object denoting
> group classification, and then have the users added
> to the necessary group?
>
> Been a few years since I dealt with LDAP.
>
> On 10/11/07, Jorge Delacruz <>
> wrote:
> >
> > Excellent! Thank you!
> >
> > JD
> >
> > --- "Jeremy C. Reed" <> wrote:
> >
> > > On Thu, 11 Oct 2007, Jorge Delacruz wrote:
> > >
> > > > Anyone ever hear of such a module or means
> that
> > > will reject logins if
> > > > a user is not in the right group? The users
> are
> > > authenticated against
> > > > LDAP, not local files. This is an access
> control
> > > (authorization) issue,
> > > > not an authentication issue.
> > >
> > > If you are using ssh server for logins, have a
> look
> > > at OpenSSH's
> > > DenyGroups and AllowGroups configurations.
> OpenSSH
> > > uses getpwnam(3) to get
> > > the details for the user to-be logged in.
> > >
> > > So use nsswitch to use ldap for group (and other
> > > databases). Also setup
> > > PAM to use pam_ldap.so also.
> > >
> > > Jeremy C. Reed
> > >
> ---------------------------------------------------
> > > PLUG-discuss mailing list -
> > >
> > > To subscribe, unsubscribe, or to change your
> mail
> > > settings:
> > >
> >
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
> >
> >
> > Jorge Delacruz
> >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > Pinpoint customers who are looking for what you
> sell.
> > http://searchmarketing.yahoo.com/
> >
> >
> ---------------------------------------------------
> > PLUG-discuss mailing list -
>
> > To subscribe, unsubscribe, or to change your mail
> settings:
> >
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
---------------------------------------------------
> PLUG-discuss mailing list -
>
> To subscribe, unsubscribe, or to change your mail
> settings:
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


Jorge Delacruz



____________________________________________________________________________________
Yahoo! oneSearch: Finally, mobile search
that gives answers, not web links.
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Server authenticationRe: Server authentication->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)