Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: pam ldap limit authentication
Top Forums UNIX for Advanced & Expert Users pam ldap limit authentication Post 79870 by hassan1 on Monday 1st of August 2005 06:59:43 PM
Old 08-01-2005
Network pam ldap limit authentication
I have a linux machine which authenticate users to ldap, this is working fine. But I would like to limit users that logon to the machines to just the system admins.
The machines hosts different web sites which users accessed from there home directory like http://foo.mdx.ac.uk/~username

At the monent my /etc/ldap.conf has
nss_base_passwd o=mdx?sub?groupMembership=cn=linux_servers,ou=access-grou
ps,ou=UNIX,ou=services,ou=staff,o=mdx

nss_base_shadow o=mdx?sub?groupMembership=cn=linux_servers,ou=access-grou
ps,ou=UNIX,ou=services,ou=staff,o=mdx

nss_base_group ou=group,ou=sun.mdx.ac.uk,ou=nis,ou=services,ou=unix,ou=service
s,ou=staff,o=mdx?one

I would like to limit authentication to cn=linux_admin but if I change the above /etc/ldap.conf to cn=linux_admin users will not be able to get there web site.

Using PAM, how do I limit authentication to all services just to cn=linux_admin, while normal user still be able to access there web site through http://foo.mdx.ac.uk/~username

Thanks Smilie Smilie
 

10 More Discussions You Might Find Interesting

1. Programming

PAM Authentication Sample

Hi, I am a Linux / Unix newbie c programmer. I have a c/c++ daemon server that will receive authentication (userid / password) from a windows client. All I want to do is authenticate the user via PAM API - i.e. user must exist on the Unix / Linux system + password must be validated. ... (1 Reply)
Discussion started by: vineshp
1 Replies

2. UNIX for Advanced & Expert Users

PAM LDAP Passwort

Hallo miteinander, ich bin gerade dabei ein eigenes C-Programm zuschreiben um mich über PAM auf einen LDAP Server zu authentifizieren. ... (2 Replies)
Discussion started by: saschaLin
2 Replies

3. Solaris

nisplus and pam authentication

HI, There is a user having problem when he try to login to solaris box, it works after few tried. What may be the problem? PAM authentication Password: PAM authentication Password: PAM authentication New Password: (1 Reply)
Discussion started by: mokkan
1 Replies

4. Solaris

Soalris 10 PAM Radius authentication Module

Hello Group, I'm facing Problem with the configuration of "***pam_radius_auth.so.1***" module to be integrated with Freeradius and Funk Steel Belted Radius. Both this radius servers are able to make "Access-Accept" packet. But the SSH or Telnet client is not able to login to the system with the... (0 Replies)
Discussion started by: ImpeccableCode
0 Replies

5. UNIX for Advanced & Expert Users

PAM authentication failure

My PAM module seems to work right but it fails in authentication. Althought it can't authenticate, the session module works and the software who uses it executes well. For example, when I login through "gdm" using pam to authenticate against an ldap server /var/log/auth.log shows Any... (1 Reply)
Discussion started by: capibolso
1 Replies

6. UNIX and Linux Applications

Problems Hooking Sudoers into PAM/LDAP

Greetings!! I am attempting to solve a rather thorny issue and I was hoping that someone might have some insight into what is going on here.. At this point I have an openLDAP server that is working quite splendidly! :) I have a working directory with users able to authenticate it and TLS... (2 Replies)
Discussion started by: bluethundr
2 Replies

7. UNIX for Advanced & Expert Users

PAM authentication.

I have applied pam authentication for local users as highlighted in below file. # cat /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so... (0 Replies)
Discussion started by: pinga123
0 Replies

8. Solaris

LDAP, PAM or SSHD?

Hi, I´m trying to make Solaris authenticate users in AD. NTP is working, nsswitch.ldap is listed above, DNS is Ok and I made something different in pam.conf, krb5.conf and sshd_config (see above) nsswitch.ldap: passwd: files ldap group: files ldap hosts: files dns ipnodes: ... (0 Replies)
Discussion started by: mpcavalcanti
0 Replies

9. SuSE

Authentication with PAM

Hello all, I recently updated PAM policy files (pam_authz.policy) on HP-UX Servers with AD groups involving allowing and denying the certain groups.. Could anyone tell me what is the equivalent mechanism in SLES(Linux)? Is it possible to allow/deny AD group access with the SLES LDAP... (0 Replies)
Discussion started by: lcclaj0
0 Replies

10. UNIX for Advanced & Expert Users

Configure samba with PAM point 2 different LDAP

Hi, I would like to configure samba with PEM (with LDAP). I've already found, on the server, configured the PAM Authentication(with LDAP) for ssh. I wanted to know if it was possible to configure PAM for to authenticate to another LDAP only for SAMBA. Is possibile duplicate the... (2 Replies)
Discussion started by: mark888
2 Replies

LEARN ABOUT ULTRIX

ruptime

ruptime(1c)															       ruptime(1c)

Name
       ruptime - show host status of local machines

Syntax
       ruptime [ options ] [ machinename ]

Description
       The  command  gives  a  status  line  like  for each machine on the local network.  If a machinename is given, the status of only the named
       machine is given.  These status lines are formed from packets broadcast by each host on the network once a minute.

       Machines for which no status report has been received for 5 minutes are shown as being down.

Options
       -a   Users idle an hour or more are not counted unless this option is specified.

       -d   Display only those hosts that are considered down.

       -l   Sort the status list by load average.  If more than one sort option is given, uses the last one.

       -r   Show only hosts that are up and running.

       -t   Sort the status list by uptime.  If more than one sort option is given, uses the last one.

       -u   Sort the status list by number of users.  If more than one sort option is given, uses the last one.

       -nn  Show only those hosts with nn or more users.

Restrictions
       Because the daemon sends its information in broadcast packets it generates a large amount of network traffic.  On large networks the  extra
       traffic	may  be  objectionable.   Therefore,  the  daemon is disabled by default.  To make use of the daemon for both the local and remote
       hosts, remove the comment symbols (#) from in front of the lines specifying in the file.

       If the daemon is not running on a remote machine, the machine may incorrectly appear to be down when you use the command to  determine  its
       status.	See the reference page for more information.

       If  a  system  has  more  than 40 users logged in at once, the number of users displayed by the command is incorrect.  Users who login to a
       machine after that point fail to increment the user count that appears in the output of the command.  This is due to the maximum size limit
       of an Ethernet packet, which is 1500 bytes, and the fact that the daemon must broadcast its information in a single packet.

Files
       /usr/spool/rwho/whod.*	Information about other machines

See Also
       rwho(1c), rwhod(8c)

																       ruptime(1c)
All times are GMT -4. The time now is 06:13 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy