Server authentication

Jorge Delacruz alterthegrid at yahoo.com
Fri Oct 12 10:11:39 MST 2007


I tried the OpenSSH DenyGroup directive - worked like
a charm!!!

Jorge Delacruz 

--- Jorge Delacruz <alterthegrid at yahoo.com> wrote:

> Yes, that is the plan - LDAP will manage user ID's
> and
> groups.  The trick is to prevent the user from
> logging
> in based on their group association.
> 
> JD
> 
> --- Rudolfo Munguia <xaruum at gmail.com> wrote:
> 
> > Just off of the top of my head,
> > 
> > Shouldn't you be able to add an attribute to your
> > server object denoting
> > group classification, and then have the users
> added
> > to the necessary group?
> > 
> > Been a few years since I dealt with LDAP.
> > 
> > On 10/11/07, Jorge Delacruz
> <alterthegrid at yahoo.com>
> > wrote:
> > >
> > > Excellent!  Thank you!
> > >
> > > JD
> > >
> > > --- "Jeremy C. Reed" <reed at reedmedia.net> wrote:
> > >
> > > > On Thu, 11 Oct 2007, Jorge Delacruz wrote:
> > > >
> > > > >   Anyone ever hear of such a module or means
> > that
> > > > will reject logins if
> > > > > a user is not in the right group?  The users
> > are
> > > > authenticated against
> > > > > LDAP, not local files.  This is an access
> > control
> > > > (authorization) issue,
> > > > > not an authentication issue.
> > > >
> > > > If you are using ssh server for logins, have a
> > look
> > > > at OpenSSH's
> > > > DenyGroups and AllowGroups configurations.
> > OpenSSH
> > > > uses getpwnam(3) to get
> > > > the details for the user to-be logged in.
> > > >
> > > > So use nsswitch to use ldap for group (and
> other
> > > > databases). Also setup
> > > > PAM to use pam_ldap.so also.
> > > >
> > > >   Jeremy C. Reed
> > > >
> >
> ---------------------------------------------------
> > > > PLUG-discuss mailing list -
> > > > PLUG-discuss at lists.plug.phoenix.az.us
> > > > To subscribe, unsubscribe, or to change your
> > mail
> > > > settings:
> > > >
> > >
> >
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > > >
> > >
> > >
> > > Jorge Delacruz
> > >
> > >
> > >
> > >
> > >
> >
>
____________________________________________________________________________________
> > > Pinpoint customers who are looking for what you
> > sell.
> > > http://searchmarketing.yahoo.com/
> > >
> > >
> >
> ---------------------------------------------------
> > > PLUG-discuss mailing list -
> > PLUG-discuss at lists.plug.phoenix.az.us
> > > To subscribe, unsubscribe, or to change your
> mail
> > settings:
> > >
> >
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
> > >
> ---------------------------------------------------
> > PLUG-discuss mailing list -
> > PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail
> > settings:
> >
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> 
> Jorge Delacruz
> 
> 
>        
>
____________________________________________________________________________________
> Yahoo! oneSearch: Finally, mobile search 
> that gives answers, not web links. 
>
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
> 
> ---------------------------------------------------
> PLUG-discuss mailing list -
> PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail
> settings:
>
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 



       
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/



More information about the PLUG-discuss mailing list