I'm using pam_ldap to provide centralized auth to hosts in my network. But a need to restrict certain users from certain hosts has arisen. Can this be done while still maintaining the centralized user accounts? Can anyone point me in the right direction?
There is a "host" field in the "account" schema which allows giving a list of hosts that a user is allowed to authenticate on.
However, I remember that it didn't really work: I got a warning message that the user is not allowed to log into the host, and then they get a prompt ;-)
I think(!) that this was because pam_ldap uses the host field, but pam_unix (which calls LDAP via NSS) ignores it; but if you disable pam_unix for your service (probably a bad idea for "login") it might well work.
mfg.a.sdr IOhannes
-- IEM - network operation center mailto:noc@xxxxxx
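The host restriction discussed in this thread, laid out as an added example that is not part of the original messages. It assumes PADL pam_ldap with its `pam_check_host_attr` option and Linux-PAM control syntax; the DN, user and hostnames are constructed placeholders, and the "weak" stack shown is one assumed cause of the warning-then-prompt behaviour described in the reply.

```conf
# Constructed sample: DN, user and hostnames are placeholders.

# --- LDAP user entry (LDIF) ---
# The "account" object class carries the multi-valued "host" attribute:
# one value per machine the user may log in to.
dn: uid=jdoe,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: jdoe
cn: John Doe
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
host: web01.example.org
host: build01.example.org

# --- pam_ldap configuration file (often /etc/ldap.conf; path varies) ---
# Off by default. When enabled, pam_ldap's account step denies users whose
# "host" values do not include this machine's hostname.
pam_check_host_attr yes

# --- PAM service file, account section: weak ordering (assumed) ---
# pam_ldap prints its denial, but as "sufficient" its failure is ignored;
# pam_unix then finds the user through NSS and the login proceeds.
#account sufficient pam_ldap.so
#account required   pam_unix.so

# --- PAM service file, account section: corrected ---
# pam_ldap's denial now fails the whole account phase. user_unknown=ignore
# keeps local-only accounts (e.g. root) working when they are not in LDAP.
account required   pam_unix.so
account [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=ignore default=bad] pam_ldap.so
```

The check only takes effect if the service actually runs the PAM account phase, so test with a user whose `host` list excludes the machine and confirm the session is refused rather than merely warned.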