Restricting logins

[Gregory Boyce]

On Tue, 10 Nov 2009, Jerry Feldman wrote:

> One of my systems needs to be restricted to a subset of people, but I
> still want to use NIS. The system has 2 ways it may be accessed:
> 1. SSH - I set up AllowUsers and that works fine.
> 2. Console. Since we have a KVM, someone could log into the KVM and come
> in through the console port. I can physically unplug the console, but I
> was wondering if there was a way to accomplish this through an access list.
> I certainly can turn off NIS for this host and clone the password and
> shadow entries, but I would prefer to allow NIS.
>
> I'm not concerned about hackers outside of our VPN, but the contract for
> the software we are working with specifically excludes anyone in our
> development group. But, our IT people in NY do have a login.
>
> In any case just looking for a suggestion.

Been a while since I've done it, but you should be able to allow logins 
for particular NIS users by adding the following to /etc/passwd

-:::::::
+username:::::::
+ at group:::::::

http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html#AEN280