LinuxQuestions.org
12-18-2008, 08:54 AM   #1
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965
best point to restrict login by ldap group membership


Hi,

I've an ldap userbase and am just fine-tuning some of the access mechanisms. I want to principally enforce ssh access for ldap members in an administrators group, but I'm not sure where the best place to implement this restriction is. At one extreme I could control AllowGroups in sshd_config, but I don't want to necessarily restrict myself to only implementing a solution for ssh. Another angle could be to filter within ldap.conf, but then I would still want the flexibility to obtain the full userbase for potential use elsewhere (I'm not aware of any apps that might need this, but that's not my business, so I can't be ignorant of the potential need in the future). A modification, or secondary version, of the pam system-auth stack might be a good point, as various pam services can link into it fairly simply. Alternatively, maybe I should prevent remote logins from non-local accounts with access.conf (I do like a wide-reaching policy of "remote access = remote account" across Linux and network devices and such).

Vague, but if anyone is interested in the subtleties of the myriad of places to control this, I'd be really interested to hear from you. Essentially it's lots of use of words like "generic" and "implicit" I'm after!
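
The four enforcement points named in the post, side by side as configuration fragments. This is an added example, not part of the original thread: the group name `administrators` comes from the post, while the LDAP DN, the member attribute and the `/etc/pam.d/remote-access` file name are constructed assumptions.

```conf
# --- Option 1: /etc/ssh/sshd_config ---------------------------------
# Scope: sshd only. Any other login service is unaffected.
AllowGroups administrators
UsePAM yes      # required for options 2-4 to apply to ssh sessions

# --- Option 2: ldap.conf as read by pam_ldap ------------------------
# Scope: every PAM service that calls pam_ldap in its account phase.
# NSS lookups (getent passwd) still return the full userbase, because
# pam_* options are only consulted by pam_ldap.
# DN is a constructed placeholder; the attribute depends on the schema
# (memberUid for posixGroup entries).
pam_groupdn cn=administrators,ou=Groups,dc=example,dc=com
pam_member_attribute memberUid

# --- Option 3: a secondary PAM stack --------------------------------
# Hypothetical file /etc/pam.d/remote-access, included only by the
# remote-login services. Placing this line in system-auth itself would
# also apply it to cron, su and console logins.
# Use "account", not "auth": sshd public-key logins skip the auth
# phase but still run the account phase when UsePAM is yes.
account  required  pam_succeed_if.so user ingroup administrators quiet

# --- Option 4: pam_access + /etc/security/access.conf ---------------
# PAM stack line (same placement considerations as option 3):
account  required  pam_access.so
# access.conf entries; the first matching line decides.
# Parentheses mark a group name rather than a user name.
+ : root : LOCAL
+ : (administrators) : ALL
- : ALL : ALL
```

Options 2 to 4 all depend on the service actually running the PAM account phase, so a check with a non-member account against each service is the quickest way to confirm which layer is doing the enforcing.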
 
  

