Server authentication

Jeremy C. Reed reed at reedmedia.net
Thu Oct 11 16:43:16 MST 2007


On Thu, 11 Oct 2007, Jorge Delacruz wrote:

>   Anyone ever hear of such a module or means that will reject logins if 
> a user is not in the right group?  The users are authenticated against 
> LDAP, not local files.  This is an access control (authorization) issue, 
> not an authentication issue.

If you are using an ssh server for logins, have a look at OpenSSH's 
DenyGroups and AllowGroups configurations. OpenSSH uses getpwnam(3) to get 
the details for the user to be logged in.

So use nsswitch to use ldap for group (and other databases). Also set up 
PAM to use pam_ldap.so.

  Jeremy C. Reed
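
An added example, not part of the original post and not OpenSSH code: a shell check of whether a set of groups would pass the AllowGroups and DenyGroups lines of an sshd_config. The function names and the sample config are made up for illustration; Match blocks and negated patterns are not handled.

```shell
#!/bin/sh
# Added example: which verdict do AllowGroups/DenyGroups give a set of groups?
# Simplified: ignores Match blocks, negated (!) patterns and group names
# containing spaces. Function names are hypothetical.

# Print every pattern on lines starting with keyword $1 in config file $2.
# Keywords are case-insensitive and repeated lines accumulate.
patterns_for() {
    awk -v kw="$1" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }' "$2"
}

# Succeed if any group in list $2 matches any pattern in list $1 (* and ?).
# Runs in a subshell so that "set -f" (no filename expansion) stays local.
matches_any() (
    set -f
    for pat in $1; do
        for grp in $2; do
            case "$grp" in $pat) exit 0 ;; esac
        done
    done
    exit 1
)

# Print "allow" or "deny" for config file $1 and group list $2.
# DenyGroups is checked first, then AllowGroups if it is set.
ssh_group_verdict() {
    deny=$(patterns_for DenyGroups "$1")
    allow=$(patterns_for AllowGroups "$1")
    if [ -n "$deny" ] && matches_any "$deny" "$2"; then echo deny; return 0; fi
    if [ -n "$allow" ] && ! matches_any "$allow" "$2"; then echo deny; return 0; fi
    echo allow
}

# Constructed sample; on a real host pass /etc/ssh/sshd_config and
# "$(id -Gn USER)", which resolves groups through nsswitch (LDAP included).
sample=$(mktemp)
printf '%s\n' 'AllowGroups shell-users ops-*' 'DenyGroups contractors' > "$sample"
ssh_group_verdict "$sample" "staff shell-users"    # allow
ssh_group_verdict "$sample" "staff"                # deny
ssh_group_verdict "$sample" "ops-db contractors"   # deny
rm -f "$sample"
```

If `id -Gn` for an LDAP user does not list the expected group, the group lookup through nsswitch is not working and AllowGroups will reject that user.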

