Server authentication
Jorge Delacruz
alterthegrid at yahoo.com
Fri Oct 12 10:11:39 MST 2007
I tried the OpenSSH DenyGroup directive - worked like
a charm!!!
Jorge Delacruz
--- Jorge Delacruz <alterthegrid at yahoo.com> wrote:
> Yes, that is the plan - LDAP will manage user ID's
> and
> groups. The trick is to prevent the user from
> logging
> in based on their group association.
>
> JD
>
> --- Rudolfo Munguia <xaruum at gmail.com> wrote:
>
> > Just off of the top of my head,
> >
> > Shouldn't you be able to add an attribute to your
> > server object denoting
> > group classification, and then have the users
> added
> > to the necessary group?
> >
> > Been a few years since I dealt with LDAP.
> >
> > On 10/11/07, Jorge Delacruz
> <alterthegrid at yahoo.com>
> > wrote:
> > >
> > > Excellent! Thank you!
> > >
> > > JD
> > >
> > > --- "Jeremy C. Reed" <reed at reedmedia.net> wrote:
> > >
> > > > On Thu, 11 Oct 2007, Jorge Delacruz wrote:
> > > >
> > > > > Anyone ever hear of such a module or means
> > that
> > > > will reject logins if
> > > > > a user is not in the right group? The users
> > are
> > > > authenticated against
> > > > > LDAP, not local files. This is an access
> > control
> > > > (authorization) issue,
> > > > > not an authentication issue.
> > > >
> > > > If you are using ssh server for logins, have a
> > look
> > > > at OpenSSH's
> > > > DenyGroups and AllowGroups configurations.
> > OpenSSH
> > > > uses getpwnam(3) to get
> > > > the details for the user to-be logged in.
> > > >
> > > > So use nsswitch to use ldap for group (and
> other
> > > > databases). Also setup
> > > > PAM to use pam_ldap.so also.
> > > >
> > > > Jeremy C. Reed
> > > >
> >
> ---------------------------------------------------
> > > > PLUG-discuss mailing list -
> > > > PLUG-discuss at lists.plug.phoenix.az.us
> > > > To subscribe, unsubscribe, or to change your
> > mail
> > > > settings:
> > > >
> > >
> >
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > > >
> > >
> > >
> > > Jorge Delacruz
> > >
> > >
> > >
> > >
> > >
> >
>
____________________________________________________________________________________
> > > Pinpoint customers who are looking for what you
> > sell.
> > > http://searchmarketing.yahoo.com/
> > >
> > >
> >
> ---------------------------------------------------
> > > PLUG-discuss mailing list -
> > PLUG-discuss at lists.plug.phoenix.az.us
> > > To subscribe, unsubscribe, or to change your
> mail
> > settings:
> > >
> >
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
> > >
> ---------------------------------------------------
> > PLUG-discuss mailing list -
> > PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail
> > settings:
> >
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> Jorge Delacruz
>
>
>
>
____________________________________________________________________________________
> Yahoo! oneSearch: Finally, mobile search
> that gives answers, not web links.
>
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail
> settings:
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/
More information about the PLUG-discuss
mailing list