[389-users] allowing only certain users to log into Linux boxen
muzzol
muzzol at gmail.com
Fri Dec 4 00:18:59 UTC 2009
2009/12/3 Alan McKay <alan.mckay at gmail.com>:
> Hey folks,
>
> I finally have this thing running - and I love it so far! I have
> basic Linux login working, as well as Apache auth. Those are my 2
> primary concerns so I think I'm ready to start to roll this bad boy
> out.
>
> And one password to unite them all!!! Bwa, ha, ha, ha!
>
> Anyway, I digress :-)
>
> I checked in here
>
> http://directory.fedoraproject.org/wiki/Documentation#Howtos
>
> and do not see a recipe for what I want to do. However, when I read
> through the Red Hat guides it looks to me like this is possible. I'm
> just not sure how to do it.
>
> I want to have a Group A and Server X, and a rule that says "Only
> people from Group A can log into Server X".
>
that has nothing to do with ldap, is standard posix. once you have all
users and groups running you have to edit
/etc/security/access.conf
and allow only users you want.
my advice is create a group for every server/environment so you can go
as finer as you want.
then you just have to update group information.
i usually create groups with a prefix:
server-frontweb: user1, user2
server-database: user3, user4
so it's easier to manage.
--
========================
^ ^
O O
(_ _)
muzzol(a)muzzol.com
========================
jabber id: muzzol(a)jabber.dk
========================
No atribueixis qualitats humanes als ordinadors.
No els hi agrada.
========================
"El gobierno español sólo habla con terroristas, homosexuales y
catalanes, a ver cuando se decide a hablar con gente normal"
Jiménez Losantos
========================
<echelon spamming>
bomb terrorism bush aznar teletubbies
</echelon spamming>
More information about the 389-users
mailing list