pam ldap limit authentication


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users pam ldap limit authentication
# 1  
Old 08-01-2005
Network pam ldap limit authentication

I have a linux machine which authenticate users to ldap, this is working fine. But I would like to limit users that logon to the machines to just the system admins.
The machines hosts different web sites which users accessed from there home directory like http://foo.mdx.ac.uk/~username

At the monent my /etc/ldap.conf has
nss_base_passwd o=mdx?sub?groupMembership=cn=linux_servers,ou=access-grou
ps,ou=UNIX,ou=services,ou=staff,o=mdx

nss_base_shadow o=mdx?sub?groupMembership=cn=linux_servers,ou=access-grou
ps,ou=UNIX,ou=services,ou=staff,o=mdx

nss_base_group ou=group,ou=sun.mdx.ac.uk,ou=nis,ou=services,ou=unix,ou=service
s,ou=staff,o=mdx?one

I would like to limit authentication to cn=linux_admin but if I change the above /etc/ldap.conf to cn=linux_admin users will not be able to get there web site.

Using PAM, how do I limit authentication to all services just to cn=linux_admin, while normal user still be able to access there web site through http://foo.mdx.ac.uk/~username

Thanks Smilie Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Configure samba with PAM point 2 different LDAP

Hi, I would like to configure samba with PEM (with LDAP). I've already found, on the server, configured the PAM Authentication(with LDAP) for ssh. I wanted to know if it was possible to configure PAM for to authenticate to another LDAP only for SAMBA. Is possibile duplicate the... (2 Replies)
Discussion started by: mark888
2 Replies

2. SuSE

Authentication with PAM

Hello all, I recently updated PAM policy files (pam_authz.policy) on HP-UX Servers with AD groups involving allowing and denying the certain groups.. Could anyone tell me what is the equivalent mechanism in SLES(Linux)? Is it possible to allow/deny AD group access with the SLES LDAP... (0 Replies)
Discussion started by: lcclaj0
0 Replies

3. Solaris

LDAP, PAM or SSHD?

Hi, I´m trying to make Solaris authenticate users in AD. NTP is working, nsswitch.ldap is listed above, DNS is Ok and I made something different in pam.conf, krb5.conf and sshd_config (see above) nsswitch.ldap: passwd: files ldap group: files ldap hosts: files dns ipnodes: ... (0 Replies)
Discussion started by: mpcavalcanti
0 Replies

4. UNIX for Advanced & Expert Users

PAM authentication.

I have applied pam authentication for local users as highlighted in below file. # cat /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so... (0 Replies)
Discussion started by: pinga123
0 Replies

5. UNIX and Linux Applications

Problems Hooking Sudoers into PAM/LDAP

Greetings!! I am attempting to solve a rather thorny issue and I was hoping that someone might have some insight into what is going on here.. At this point I have an openLDAP server that is working quite splendidly! :) I have a working directory with users able to authenticate it and TLS... (2 Replies)
Discussion started by: bluethundr
2 Replies

6. UNIX for Advanced & Expert Users

PAM authentication failure

My PAM module seems to work right but it fails in authentication. Althought it can't authenticate, the session module works and the software who uses it executes well. For example, when I login through "gdm" using pam to authenticate against an ldap server /var/log/auth.log shows Any... (1 Reply)
Discussion started by: capibolso
1 Replies

7. Solaris

Soalris 10 PAM Radius authentication Module

Hello Group, I'm facing Problem with the configuration of "***pam_radius_auth.so.1***" module to be integrated with Freeradius and Funk Steel Belted Radius. Both this radius servers are able to make "Access-Accept" packet. But the SSH or Telnet client is not able to login to the system with the... (0 Replies)
Discussion started by: ImpeccableCode
0 Replies

8. Solaris

nisplus and pam authentication

HI, There is a user having problem when he try to login to solaris box, it works after few tried. What may be the problem? PAM authentication Password: PAM authentication Password: PAM authentication New Password: (1 Reply)
Discussion started by: mokkan
1 Replies

9. UNIX for Advanced & Expert Users

PAM LDAP Passwort

Hallo miteinander, ich bin gerade dabei ein eigenes C-Programm zuschreiben um mich über PAM auf einen LDAP Server zu authentifizieren. ... (2 Replies)
Discussion started by: saschaLin
2 Replies

10. Programming

PAM Authentication Sample

Hi, I am a Linux / Unix newbie c programmer. I have a c/c++ daemon server that will receive authentication (userid / password) from a windows client. All I want to do is authenticate the user via PAM API - i.e. user must exist on the Unix / Linux system + password must be validated. ... (1 Reply)
Discussion started by: vineshp
1 Replies
Login or Register to Ask a Question
Authen::Simple::LDAP(3pm)				User Contributed Perl Documentation				 Authen::Simple::LDAP(3pm)

NAME
Authen::Simple::LDAP - Simple LDAP authentication SYNOPSIS
use Authen::Simple::LDAP; my $ldap = Authen::Simple::LDAP->new( host => 'ldap.company.com', basedn => 'ou=People,dc=company,dc=net' ); if ( $ldap->authenticate( $username, $password ) ) { # successfull authentication } # or as a mod_perl Authen handler PerlModule Authen::Simple::Apache PerlModule Authen::Simple::LDAP PerlSetVar AuthenSimpleLDAP_host "ldap.company.com" PerlSetVar AuthenSimpleLDAP_basedn "ou=People,dc=company,dc=net" <Location /protected> PerlAuthenHandler Authen::Simple::LDAP AuthType Basic AuthName "Protected Area" Require valid-user </Location> DESCRIPTION
Authenticate against a LDAP service. METHODS
o new This method takes a hash of parameters. The following options are valid: o host Connection host, can be a hostname, IP number or a URI. Defaults to "localhost". host => ldap.company.com host => 10.0.0.1 host => ldap://ldap.company.com:389 host => ldaps://ldap.company.com o port Connection port, default to 389. May be overridden by host if host is a URI. port => 389 o timeout Connection timeout, defaults to 60. timeout => 60 o version The LDAP version to use, defaults to 3. version => 3 o binddn The distinguished name to bind to the server with, defaults to bind anonymously. binddn => 'uid=proxy,cn=users,dc=company,dc=com' o bindpw The credentials to bind with. bindpw => 'secret' o basedn The distinguished name of the search base. basedn => 'cn=users,dc=company,dc=com' o filter LDAP filter to use in search, defaults to "(uid=%s)". filter => '(uid=%s)' o scope The search scope, can be "base", "one" or "sub", defaults to "sub". filter => 'sub' o log Any object that supports "debug", "info", "error" and "warn". log => Log::Log4perl->get_logger('Authen::Simple::LDAP') o authenticate( $username, $password ) Returns true on success and false on failure. EXAMPLE USAGE
Apple Open Directory my $ldap = Authen::Simple::LDAP->new( host => 'od.company.com', basedn => 'cn=users,dc=company,dc=com', filter => '(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%s))' ); Microsoft Active Directory my $ldap = Authen::Simple::LDAP->new( host => 'ad.company.com', binddn => 'proxyuser@company.com', bindpw => 'secret', basedn => 'cn=users,dc=company,dc=com', filter => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))' ); Active Directory by default does not allow anonymous binds. It's recommended that a proxy user is used that has sufficient rights to search the desired tree and attributes. SEE ALSO
Authen::Simple::ActiveDirectory. Authen::Simple. Net::LDAP. AUTHOR
Christian Hansen "chansen@cpan.org" COPYRIGHT
This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself. perl v5.14.2 2012-04-23 Authen::Simple::LDAP(3pm)