RE: pam_krb5/ldap access control with Active Directory
- Subject: RE: pam_krb5/ldap access control with Active Directory
- From: "Yu Wang" <yuwang@xxxxxxxxxx>
- Date: Thu, 28 Sep 2006 13:59:14 -0400
I use pam_access. Put the user/group names you would like to allow to log in
to your server in the server's /etc/security/access.conf file (Linux).
As to your listed situation:
Server1:
-:ALL EXCEPT root A B C:ALL
Server2:
-:ALL EXCEPT root A:ALL
Server3:
-:ALL EXCEPT root A C:ALL
Note: your group name should not contain white space (something like
Group A may cause problems).
Make sure pam_access.so is included in your pam configuration stack and
use "required".
You can use pam_require too. It takes user and group names as arguments
and is not as granular as pam_access.
Yu
-----Original Message-----
From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx]
On Behalf Of Scott Ruckh
Sent: Thursday, September 14, 2006 3:23 PM
To: pam-list@xxxxxxxxxx
Subject: pam_krb5/ldap access control with Active Directory
How do you control access?
For example, say you have 3 groups (A, B, and C). Users of Group A
should have access to all servers, Group B should have access to only a
few servers, and Group C will have access to a few servers.
Obviously each server's ldap.conf file could contain configurations using
different AD containers to limit access, but how would you handle access
for the below situation?
Servers: Groups that have access
Server 1: Group A, Group B, and Group C
Server 2: Group A
Server 3: Group A and Group C
Thanks.
--
Scott
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
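An added example, not part of the original thread and not pam_access source code: a simplified Python model of how the three access.conf lines in the reply are evaluated (first matching rule decides, access is granted when no rule matches, EXCEPT subtracts names). The user names alice, bob, carol, dave and erin and their group memberships are constructed; only exact user/group name matching and literal origins are modelled.

```python
# Simplified model of access.conf evaluation (illustration, not pam_access code).
# Rule format: permission:users/groups:origins

SERVERS = {  # rule lines taken from the reply above
    "Server1": "-:ALL EXCEPT root A B C:ALL",
    "Server2": "-:ALL EXCEPT root A:ALL",
    "Server3": "-:ALL EXCEPT root A C:ALL",
}

def list_match(tokens, candidates):
    """True if a token before EXCEPT matches and no token after EXCEPT does."""
    for i, tok in enumerate(tokens):
        if tok == "EXCEPT":
            return False                      # hit EXCEPT without a match
        if tok == "ALL" or tok in candidates:
            rest = tokens[i + 1:]
            if "EXCEPT" in rest:
                exceptions = rest[rest.index("EXCEPT") + 1:]
                return not list_match(exceptions, candidates)
            return True
    return False

def login_allowed(conf, user, groups, origin="tty1"):
    """Apply the first rule whose user and origin fields both match."""
    who = {user, *groups}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        # Fields are split on white space, so "Group A" becomes two tokens.
        if list_match(users.split(), who) and list_match(origins.split(), {origin}):
            return perm == "+"
    return True                               # no rule matched: access granted

# Constructed accounts: user name -> group memberships
USERS = {"root": [], "alice": ["A"], "bob": ["B"], "carol": ["C"], "dave": []}

def access_matrix():
    return {srv: {u: login_allowed(rule, u, g) for u, g in USERS.items()}
            for srv, rule in SERVERS.items()}

if __name__ == "__main__":
    for server, row in access_matrix().items():
        print(server, row)
    # A group literally named "Group A" never matches the tokens "Group", "A":
    print(login_allowed("-:ALL EXCEPT root Group A:ALL", "erin", ["Group A"]))
```
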