Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Restricting logins



A common syntax in nsswitch.conf is

    networks:   nisplus [NOTFOUND=return] files

This says to look up the user in NIS, and if NIS is accessible but
the user isn't found, then fail, and only look at the local
/etc/passwd if NIS is not accessible.

If you reverse this,

    networks:   files [NOTFOUND=return] nisplus

what happens? If the "NOTFOUND" clause is a general
property and not a special NIS-only attribute, then maybe
this will do what you want.

Of course, this is another one of those stinky-finger suggestions :-)



On Tue, Nov 10, 2009 at 4:50 PM, Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org> wrote:
> One of my systems needs to be restricted to a subset of people, but I
> still want to use NIS. The system has 2 ways it may be accessed:
> 1. SSH - I set up AllowUsers and that works fine.
> 2. Console. Since we have a KVM, someone could log into the KVM and come
> in through the console port. I can physically unplug the console, but I
> was wondering if there was a way to accomplish this through an access list.
> I certainly can turn off NIS for this host and clone the password and
> shadow entries, but I would prefer to allow NIS.
>
> I'm not concerned about hackers outside of our VPN, but the contract for
> the software we are working with specifically excludes anyone in our
> development group. But, our IT people in NY do have a login.
>
> In any case just looking for a suggestion.
>
> --
> Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org>
> Boston Linux and Unix
> PGP key id: 537C5846
> PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB ?CA3B 4607 4319 537C 5846
>
>
>
> _______________________________________________
> Discuss mailing list
> Discuss-mNDKBlG2WHs at public.gmane.org
> http://lists.blu.org/mailman/listinfo/discuss
>
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
AIM abreauj / JABBER jabr-iMZfmuK6BGBxLiRVyXs8+g at public.gmane.org / YAHOO abreauj / SKYPE zusa_it_mgr
Email jabr-mNDKBlG2WHs at public.gmane.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org