Ignacio Vazquez-Abrams wrote:
Stuff pam_netgroups into system-auth then make a group per machine. http://www2.physics.umd.edu/~payerle/Software/PAM/
Doh!!! I should have realized that.
Yes, using NIS Netgroups and PAM authentication around them is much, much better on Linux (and even Solaris) than using multiple NIS domains.
And even if he still replicates his files manually (he should at least consider automating their distribution via SSH), he can still setup just 1 file and use the same netgroups-PAM solution.
Good catch.
From: Paul Heinlein heinlein@madboa.com
If you set up netgroups, you can specify login rights easily:
- /etc/passwd
[...] +@login-group +:::::/dev/null:/sbin/nologin
- /etc/nsswitch.conf
passwd: compat shadow: compat group: files nis netgroup: files nis
Now that only works for NIS distributed passwd, netgroups, correct? Or will it work for local users as well?
-- Bryan J. Smith mailto:b.j.smith@ieee.org