Restricting logins
Richard Pieri
richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Nov 10 17:11:24 EST 2009
On Nov 10, 2009, at 4:50 PM, Jerry Feldman wrote:
> In any case just looking for a suggestion.
The "right" -- for some value of "right" -- solution is to convert
everything to LDAP. That would give you the access control you need.
Barring that you have only one choice with several flavors: maintain a
local access control file. You can do this by disabling NIS and using
a local password file. You can do this with a custom PAM module that
queries a local access control list. There are other variations but
they all revolve around maintaining some kind of access control list
outside of NIS.
I'd suck it up and go with the local password file. It's a pain but
it won't break with OS updates.
--Rich P.
More information about the Discuss
mailing list