RSS feed

nss-pam-ldapd authorization only on rhel6

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd authorization only on rhel6


Looking for a solution that will allow host access based on filter (  pam_authz_search ),
but still be able to resolve passwd map for users not allowed to login.

1) Do not want to use PAM as there might be access methods that are not pam-enabled
    Tried below config to force /bin/false on user not having access to the host, but did not work

     # Host Access
     base passwd ou=passwd,dc=example,dc=com
     filter passwd (objetclass=posixaccount)(accessattrib=1234)

     # Other user passwd map records are visible but /bin/false
     base passwd ou=passwd,dc=example,dc=com
     map passwd loginshell "/bin/false"

2) If PAM is the only solution for this use-case, does anyone have a sample config
     for RHEL6 to provide PAM Based Authorization Only ?
     We use kerberos for authentication.

- subu

To unsubscribe send an email to or see