[389-users] Migrating to LDAP authentication

Sean Carolan scarolan at gmail.com
Tue Feb 2 17:12:55 UTC 2010


> #2
> a.there is also a setting in /etc/ldap.conf called pam_groupdn. This
> lets you define an LDAP object with multiple membe attributes to
> control who can login. I find it easy to use
> b. SSH can be told to only accept logins from a posix group (same deal
> just handled at a different part of the stack)

One other question came to mind, and that was users with ssh keys.
How will migrating to LDAP-only authentication affect them?  Is there
a way to continue allowing these users to use their keys for login?



More information about the 389-users mailing list