[Mageia-sysadm] Usernames, uids, and groups

Luca Berra bluca at vodka.it
Tue Nov 9 07:53:42 CET 2010

On Mon, Nov 08, 2010 at 05:29:24PM +0100, nicolas vigier wrote:
>On some machines like the svn server, we need to use pam_ldap to allow
>users access with their ldap accounts. But on other servers like
>alamut (web services), or the build nodes, normal users have no reason
>to login. On those servers, do you think we should restrict access with
>ssh configuration and a group, or disable pam_ldap completely on those
>servers and only use local accounts?
You should be able to configure nss_ldap/pam_ldap to only allow certain
users/groups (pam_filter directive).
Unfortunately pam_ldap does not allow storing its configuration in LDAP,
but it can be delivered with puppet.

Local accounts are a pain to maintain.
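
The approach suggested in this reply, written out as an added example (it is not part of the original message and not the project's own Puppet code): a class that delivers a pam_ldap configuration whose `pam_filter` only matches members of one LDAP group. The class name, file path, server URI, base DN and group DN are placeholders, and the filter assumes the directory server populates a `memberOf` attribute on user entries.

```puppet
# Added example: per-host pam_ldap configuration delivered by Puppet.
# Every name and DN below is a placeholder, not a value from the thread.
class pam_ldap_restricted (
  $ldap_uri      = 'ldaps://ldap.example.invalid',
  $ldap_base     = 'dc=example,dc=invalid',
  # Group whose members may authenticate on this host (placeholder DN).
  $allowed_group = 'cn=host-admins,ou=Group,dc=example,dc=invalid',
  # Path differs between distributions; /etc/ldap.conf is an assumption.
  $conf_path     = '/etc/ldap.conf'
) {

  file { $conf_path:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    # pam_ldap ANDs pam_filter with (pam_login_attribute=<login name>),
    # so a user outside the group is simply not found by the module.
    # Assumes the server maintains memberOf on user entries.
    content => "# Managed by Puppet, local changes will be overwritten
uri ${ldap_uri}
base ${ldap_base}
ssl on
tls_checkpeer yes
pam_login_attribute uid
pam_filter memberOf=${allowed_group}
",
  }
}

# Node-level use: the group is chosen per host, the template stays the same.
# 'buildnode.example.invalid' is a placeholder node name.
node 'buildnode.example.invalid' {
  class { 'pam_ldap_restricted':
    allowed_group => 'cn=build-admins,ou=Group,dc=example,dc=invalid',
  }
}
```

The filter only restricts what pam_ldap will accept; nss_ldap has its own search settings and will still resolve other users' names and uids unless it is limited separately.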

