Restricting logins
Jerry Feldman
gaf-mNDKBlG2WHs at public.gmane.org
Wed Nov 11 07:30:17 EST 2009
On 11/10/2009 05:14 PM, Gregory Boyce wrote:
> On Tue, 10 Nov 2009, Jerry Feldman wrote:
>
>> One of my systems needs to be restricted to a subset of people, but I
>> still want to use NIS. The system has 2 ways it may be accessed:
>> 1. SSH - I set up AllowUsers and that works fine.
>> 2. Console. Since we have a KVM, someone could log into the KVM and co=
me
>> in through the console port. I can physically unplug the console, but =
I
>> was wondering if there was a way to accomplish this through an access
>> list.
>> I certainly can turn off NIS for this host and clone the password and
>> shadow entries, but I would prefer to allow NIS.
>>
>> I'm not concerned about hackers outside of our VPN, but the contract f=
or
>> the software we are working with specifically excludes anyone in our
>> development group. But, our IT people in NY do have a login.
>>
>> In any case just looking for a suggestion.
>
> Been a while since I've done it, but you should be able to allow
> logins for particular NIS users by adding the following to /etc/passwd
>
> -:::::::
> +username:::::::
> + at group:::::::
>
> http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html#AEN280
>
Actually, I could add those users to a new group, and use that.
--=20
Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
More information about the Discuss
mailing list