LDAP authentication question - how do I know if a user is permitted to use a system?
Hi all,
I've got an LDAP server set up and my other servers are able to authenticate against this instead of using locally managed accounts. The question I have though, is how do I allow only users that are supposed to have access to a machine to log in? At the moment, any user in the LDAP directory can log on to any server that uses the LDAP server to authenticate. Obviously, this is not ideal in a production environment as not all users should be permitted to use all systems. Any ideas? Thanks,
The modern Linux kernels also offer ACL (access control list), which expands upon the basic file access permissions.
Quote:
Normally a user should exist in /etc/passwd, or they won't be allowed in. With LDAP, it appears that any user in the directory is allowed to log in to every server that authenticates by LDAP.