[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-users
Subject: Re: [389-users] Best practice for user / group authentication
From: Edward Capriolo <edlinuxguru () gmail ! com>
Date: 2009-05-26 21:55:37
Message-ID: cbbf4b570905261455p3149005fi6699e195fe7d3c3e () mail ! gmail ! com
[Download RAW message or body]
On Fri, May 22, 2009 at 5:16 PM, Dumbo Q <dumboq@yahoo.com> wrote:
> Thank you for the quick reply.
> I also have a question about the posix groups.
> To create a user in ds, the idm-console has a form which is quite easy. I
> can also use this to create "Groups", but they are not unix groups. I assume
> these are simply to keep organized all the users.
>
> To add a unix group i have to create->new->other, and choose posix group.
> Then i manually pick the gidnumber. It does not seem to matter where i
> place this posix group. My first thought is that it is going to get very
> messy trying to keep track of each users posixgroup.
> secondly, does this seem like a good plan for authentication structure
> below.
>
> UnixGroups
> \- all posix groups here.
> People
> \- Vendors
> \- CompanyA
> \- CompanyB
> \- Staff
> \- Accounting
> \- SysAd
> \- Development
> \- YadaYada.
>
> But then how would i say users in companyb can only login to some hosts?
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
I use 'pam groupdn'
/etc/ldap.conf
pam_groupdn cn=hadoop,ou=hosts,dc=yourdomain,dc=com
This allows you to create an object with a list of users dn's that can
log in. You can also use netgroups but this way is clean and has very
little configuration. You can also set a login group in sshd_config.
But then each of your machines will have a different sshd_config.
-Regards
Edward
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic