Re: [nssldap] restricting users to certain hosts?

[Geerd-Dietger Hoffmann <geerd-dietger.hoffmann [at] cern.ch>]

Are the users in different groups. Or is it possible to put all users 
that are allowed on arrowhead in one group?

Further you might want to look into following config options in 
/etc/ldap.conf:

This is client side groups. Example out of my production environment :
# Filter to AND with uid=%s
pam_filter gidNumber=1028

Server side groups:
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com

# Group member attribute
#pam_member_attribute uniquemember

Further you might want to look into
./security/limits.conf

Hope this could help.

Cheers Didi

Adam Williams wrote:
> I've got several servers...arrowhead, archives3, saxon, etc.  I want to 
> prevent the users from ssh'ing into certain servers.  some should only 
> be able to ssh to arrowhead, others only to archives3, some can access 2 
> out of the 3, or all 3, etc.  Is it possible to have this 
> configuration?  If so, how?



----
www.cern.ch/ribalba  /  www.ribalba.de
Email / Jabber: Geerd-Dietger.Hoffmann@cern.ch / ribalba@gmail.com
Phone (Work) : +41 22 7679376
Skype : ribalba
Address : CERN / IT-FIO-FS / GENEVE 23/ SCHWEIZ