[CentOS] LDAP Authentication and Authorisation.

Friedrich Clausen fred at derf.nl
Tue Dec 2 14:27:02 UTC 2008


Hello all,

At my current job the time has come to unify our LDAP infrastructure
into one tree (preferably). The basics are working but we are not sure
how to restrict which users can log into which machines.

What we would like is for everyone in the (for example) "infra" group
to log into all machines while people in the "development" group can
only log into development servers. From an initial Google my options
seem to be:

* LDAP based netgroups
* OpenSSH - AllowGroups, DenyGroups
* PAM - mod_access

Does anyone have any real world, in the trenches experience they would
be willing to share? I would like to know which is the most
maintainable and easy to hand-over to more junior admins.

Thanks,

Fred.


More information about the CentOS mailing list