[ale] ldap user auth on a per machine basis?
Jim Kinney
jim.kinney at gmail.com
Sat Jul 11 13:02:05 EDT 2009
Cool! That gets me 90% of the way. Still need to find procedure to build
group of machines as groupA and then Fred's host access list in ldap is
%groupA or another ldap lookup call. Thinking I should have macro ability
but really unsure if this posssible.
On Fri, Jul 10, 2009 at 7:20 PM, Sean McNealy <sean.mcnealy at gmail.com>wrote:
> Sounds like you're looking for pam_ldap
> http://wiki.debian.org/LDAP/PAM
>
> "The pam_ldap module provides the ability to specify a list of hosts a
> user is allowed to log into, in the "host" attribute in LDAP."
>
> On Fri, Jul 10, 2009 at 6:21 PM, Jim Kinney<jim.kinney at gmail.com> wrote:
> > I have a technical question about ldap. I may be misremembering but here
> > goes: Does ldap support per machine user authentication?
> >
> > example: all system use files, ldap for user auth. Fred is allowed access
> to
> > machines in group A but not in group B. Fred does NOT have an entry in
> > /etc/passwd on group A machines. ldap is used to provide authentication
> for
> > Fred for machines in A but denies authentication for Fred on group B
> > machines.
> >
> > It may be the Holy Grail of ldap I'm looking for....
> >
> > --
> > --
> > James P. Kinney III
> > Actively in pursuit of Life, Liberty and Happiness
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> >
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
--
--
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20090711/d4f5d542/attachment.html
More information about the Ale
mailing list