LinuxQuestions.org


Builder 09-13-2004 04:04 AM

LDAP authentication question - how do I know if a user is permitted to use a system?
 
Hi all,

I've got an LDAP server set up, and my other servers are able to authenticate against this instead of using locally managed accounts.

The question I have, though, is how do I allow only users that are supposed to have access to a machine to log in?

At the moment, any user in the LDAP directory can log on to any server that uses the LDAP server to authenticate. Obviously, this is not ideal in a production environment, as not all users should be permitted to use all systems.

Any ideas?

Thanks,

bigrigdriver 09-15-2004 05:40 AM

The modern Linux kernels also offer ACL (access control list), which expands upon the basic file access permissions.

Builder 09-15-2004 06:12 AM

Quote:

Originally posted by bigrigdriver
The modern Linux kernels also offer ACL (access control list), which expands upon the basic file access permissions.

Yes, but I don't even want the user to be able to log in to the machine if they should be on it.

Normally a user should exist in /etc/passwd, or they won't be allowed in. With LDAP, it appears that any user in the directory is allowed to log in to every server that authenticates by LDAP.

