Cool! That gets me 90% of the way. Still need to find procedure to build group of machines as groupA and then Fred's host access list in ldap is %groupA or another ldap lookup call. Thinking I should have macro ability but really unsure if this posssible.<br>
<br><div class="gmail_quote">On Fri, Jul 10, 2009 at 7:20 PM, Sean McNealy <span dir="ltr"><<a href="mailto:sean.mcnealy@gmail.com">sean.mcnealy@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Sounds like you're looking for pam_ldap<br>
<a href="http://wiki.debian.org/LDAP/PAM" target="_blank">http://wiki.debian.org/LDAP/PAM</a><br>
<br>
"The pam_ldap module provides the ability to specify a list of hosts a<br>
user is allowed to log into, in the "host" attribute in LDAP."<br>
<div><div></div><div class="h5"><br>
On Fri, Jul 10, 2009 at 6:21 PM, Jim Kinney<<a href="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</a>> wrote:<br>
> I have a technical question about ldap. I may be misremembering but here<br>
> goes: Does ldap support per machine user authentication?<br>
><br>
> example: all system use files, ldap for user auth. Fred is allowed access to<br>
> machines in group A but not in group B. Fred does NOT have an entry in<br>
> /etc/passwd on group A machines. ldap is used to provide authentication for<br>
> Fred for machines in A but denies authentication for Fred on group B<br>
> machines.<br>
><br>
> It may be the Holy Grail of ldap I'm looking for....<br>
><br>
> --<br>
> --<br>
> James P. Kinney III<br>
> Actively in pursuit of Life, Liberty and Happiness<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
><br>
><br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br>Actively in pursuit of Life, Liberty and Happiness <br><br>