14 Jul
2005
14 Jul
'05
11:04 p.m.
On 7/14/05 3:15 PM, Ignacio Vazquez-Abrams wrote:
On Thu, 2005-07-14 at 17:02 -0500, Les Mikesell wrote:
I might re-do it with LDAP someday, but it's probably more work to control the users that aren't supposed to log into these machines than to separately add the ones that are.
Stuff pam_netgroups into system-auth then make a group per machine.
If you set up netgroups, you can specify login rights easily:
* /etc/passwd
[...] +@login-group +:::::/dev/null:/sbin/nologin
* /etc/nsswitch.conf
passwd: compat shadow: compat group: files nis netgroup: files nis
--
Paul Heinlein <> heinlein@madboa.com <> www.madboa.com