Restricting logins

Jerry Feldman gaf-mNDKBlG2WHs at public.gmane.org
Wed Nov 11 07:29:03 EST 2009


On 11/10/2009 05:11 PM, Richard Pieri wrote:
> The "right" -- for some value of "right" -- solution is to convert
> everything to LDAP.  That would give you the access control you need.  =
=20
> Barring that you have only one choice with several flavors: maintain a =
=20
> local access control file.  You can do this by disabling NIS and using =
=20
> a local password file.  You can do this with a custom PAM module that  =

> queries a local access control list.  There are other variations but =20
> they all revolve around maintaining some kind of access control list =20
> outside of NIS.
>
> I'd suck it up and go with the local password file.  It's a pain but =20
> it won't break with OS updates.
>
>  =20
The reason we use NIS is that it is the corporate standard. I've done
the PAM mods before while helping out at testdrive.hp.com. In any case,
another way to do this is through the KVM since that is really the only
opening I'm concerned about.

--=20
Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846







More information about the Discuss mailing list