Fedora directory users - Dec 2009 - [389-users] allowing only certain users to log into Linux boxen

Hey folks,

I finally have this thing running - and I love it so far!  I have
basic Linux login working, as well as Apache auth.  Those are my 2
primary concerns so I think I''m ready to start to roll this bad boy
out.

And one password to unite them all!!!  Bwa, ha, ha, ha!

Anyway, I digress :-)

I checked in here

http://directory.fedoraproject.org/wiki/Documentation#Howtos

and do not see a recipe for what I want to do.  However, when I read
through the Red Hat guides it looks to me like this is possible.  I''m
just not sure how to do it.

I want to have a Group A and Server X, and a rule that says "Only
people from Group A can log into Server X".

And of course the intent is that who is in Group A could change on a
day to day basis (I''m thinking - access to our production environment)

Where can I find a recipe for that?

thanks!
-Alan

-- 
“Don''t eat anything you''ve ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"

Alan McKay wrote:
> Hey folks,
>
> I finally have this thing running - and I love it so far!  I have
> basic Linux login working, as well as Apache auth.  Those are my 2
> primary concerns so I think I''m ready to start to roll this bad
boy
> out.
>
> And one password to unite them all!!!  Bwa, ha, ha, ha!
>
> Anyway, I digress :-)
>
> I checked in here
>
> http://directory.fedoraproject.org/wiki/Documentation#Howtos
>
> and do not see a recipe for what I want to do.  However, when I read
> through the Red Hat guides it looks to me like this is possible. 
I''m
> just not sure how to do it.
>
> I want to have a Group A and Server X, and a rule that says "Only
> people from Group A can log into Server X".
>
> And of course the intent is that who is in Group A could change on a
> day to day basis (I''m thinking - access to our production
environment)
>
> Where can I find a recipe for that?
>   
Take a look at http://directory.fedoraproject.org/wiki/Howto:Netgroups 
and http://directory.fedoraproject.org/wiki/Howto:Posix
> thanks!
> -Alan
>
>

> Take a look at http://directory.fedoraproject.org/wiki/Howto:Netgroups and
> http://directory.fedoraproject.org/wiki/Howto:Posix
Oooo, this is looking good!

thanks!

-- 
“Don''t eat anything you''ve ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"

2009/12/3 Alan McKay <alan.mckay@gmail.com>:
> Hey folks,
>
> I finally have this thing running - and I love it so far!  I have
> basic Linux login working, as well as Apache auth.  Those are my 2
> primary concerns so I think I''m ready to start to roll this bad
boy
> out.
>
> And one password to unite them all!!!  Bwa, ha, ha, ha!
>
> Anyway, I digress :-)
>
> I checked in here
>
> http://directory.fedoraproject.org/wiki/Documentation#Howtos
>
> and do not see a recipe for what I want to do.  However, when I read
> through the Red Hat guides it looks to me like this is possible.
 I''m
> just not sure how to do it.
>
> I want to have a Group A and Server X, and a rule that says "Only
> people from Group A can log into Server X".
>
that has nothing to do with ldap, is standard posix. once you have all
users and groups running you have to edit

/etc/security/access.conf

and allow only users you want.

my advice is create a group for every server/environment so you can go
as finer as you want.

then you just have to update group information.

i usually create groups with a prefix:

server-frontweb: user1, user2
server-database: user3, user4

so it''s easier to manage.

-- 
=======================     ^ ^
     O O
    (_ _)
muzzol(a)muzzol.com
=======================jabber id: muzzol(a)jabber.dk
=======================No atribueixis qualitats humanes als ordinadors.
No els hi agrada.
======================="El gobierno español sólo habla con terroristas,
homosexuales y
catalanes, a ver cuando se decide a hablar con gente normal"
Jiménez Losantos
=======================<echelon spamming>
bomb terrorism bush aznar teletubbies
</echelon spamming>