
BLU Discuss list archive



[Discuss] Moving servers from NIS to LDAP



On 07/10/2012 04:14 PM, Richard Pieri wrote:
> On 7/10/2012 2:53 PM, Jerry Feldman wrote:
>> I don't know LDAP that well so I am looking for an LDAP solution that
>> will permit certain users to use certain systems.
>
> I use PAM.
>
> The way I do it is to create an LDAP group for each role.  Each
> limited access node gets a file /etc/login.groups with root, wheel and
> the permitted roles.  I use the pam_listfile module to compare group
> memberships of attempted logins with the login.groups file.
>
> A variant is to create an LDAP group corresponding to each node name.
> Add users who require access to a node to the associated group.  Use a
> PAM module to check group membership against the local host name and
> reject logins that don't match.
>
> Substitute your directory of choice for LDAP.  Anything that lets you
> manage group memberships will work.
>
I'm leaning toward using LDAP. LDAP will be at a corporate level (not
IBM but Algorithmics). But, I don't have that many servers so I can
replicate my changes to each of the servers. Back on testdrive we used
PAM and it worked well except for one Debian box.

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id: 3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
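As an added example (not from either poster), the per-node login.groups scheme Richard describes, spelled out as the list file, the pam_listfile stanza that enforces it, and a small shell model of the module's group check for vetting a list before it goes live. The role names, the scratch directory and /etc/pam.d/sshd as the target service file are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: the per-node login.groups scheme above,
# with pam_listfile doing the group check. Everything is written under a
# scratch directory so it runs without root; role names are constructed.
set -eu

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# 1. The allow-list for this node: root, wheel and the LDAP role groups
#    permitted to log in here (constructed role names).
cat > "$WORKDIR/login.groups" <<'EOF'
root
wheel
role-dba
role-backup-ops
EOF

# 2. The PAM stanza that enforces it. Place it ahead of the pam_unix/pam_ldap
#    auth line in the service file (/etc/pam.d/sshd is the assumed target).
#    item=group tests every group the user belongs to; sense=allow denies a
#    user with no match; onerr=fail denies when the list file is unreadable
#    instead of failing open.
cat > "$WORKDIR/pam-sshd.fragment" <<'EOF'
auth    required    pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.groups
EOF

# 3. A shell model of that check, for vetting a login.groups file before it
#    is deployed. $1 = the user's group names, space separated as "id -Gn"
#    prints them; $2 = the list file. Returns 0 to allow, 1 to deny.
login_allowed() {
    ugroups=$1
    listfile=$2
    [ -r "$listfile" ] || return 1     # onerr=fail: unreadable list denies
    for g in $ugroups; do
        # fixed-string, whole-line match: role-dba must not match role-dba-readonly
        if grep -qxF -- "$g" "$listfile"; then
            return 0
        fi
    done
    return 1
}

# Dry run against a real account, e.g.:
#   login_allowed "$(id -Gn "$USER")" /etc/login.groups && echo allow || echo deny
```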





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org