Re: Login Authentication
08-23-2006 01:19 PM
and have already set up OpenLDAP authentication, with 192.168.0.1 as the
master LDAP server. Users can now authenticate via LDAP and then access
the servers. However, some users should not be allowed to log in to
192.168.0.2, but at present they can log in to this server via LDAP
because the LDAP server accepts the authentication. For example, when a
user runs 'ssh 192.168.0.2', LDAP accepts the authentication and then
allows the user to log in to this server. Can you advise how to prevent
unauthorized users from accessing 192.168.0.2? Thx
08-23-2006 06:19 PM
Re: Login Authentication
For example, on 192.168.0.2, change the LDAP search filters to only allow certain user IDs, based on some attribute.
08-23-2006 11:01 PM
Re: Login Authentication
If so, do I need to set the deny/accept list on all servers once I have created a user? And could you point me to the doc for the setting? Thx
08-24-2006 02:10 AM
09-03-2006 05:01 AM
Re: Login Authentication
I have already followed the admin guide to set it up and added the lines below to the config files, but it is strange: when I use telnet to access the system, it shows "Access denied for this host" but still lets me access the system. Can you advise why the system does not deny my access? Thx
#vi /etc/ldap.conf
pam_check_host_attr yes
#vi /etc/pam.d/system-auth
auth required /lib/security/pam_nologin.so
auth required pam_env.so
auth required /lib/security/pam_unix.so nullok shadow use_first_pass
auth sufficient /lib/security/pam_ldap.so
auth required pam_deny.so
account required /lib/security/pam_unix.so
account sufficient pam_localuser.so
account sufficient /lib/security/pam_ldap.so
#account sufficient [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
#account [success=done new_authtok_reqd=done perm_denied=bad default=ignore] pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_unix.so nullok use_authtok shadow md5
password sufficient pam_ldap.so use_authtok use_first_pass
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0066
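
Why the posted account stack still admits the user, as an added example (not code from the thread): a simplified Python model of Linux-PAM's required/requisite/sufficient handling, run over the three active account lines above. The per-module return codes are assumptions: pam_unix succeeds because the LDAP user resolves through NSS, and pam_ldap returns PAM_PERM_DENIED when it prints "Access denied for this host"; the changed stack is one possible correction, not the thread's accepted solution.

```python
# Simplified model of Linux-PAM control flags; added illustration, not libpam itself.
SUCCESS = "PAM_SUCCESS"
PERM_DENIED = "PAM_PERM_DENIED"
USER_UNKNOWN = "PAM_USER_UNKNOWN"

def run_stack(stack, results):
    """Return the final code for a stack of (control, module) pairs.

    results maps each module name to the code it returns for one login.
    """
    failure = None      # first failure from a required/requisite module
    succeeded = False   # at least one module contributed a success
    for control, module in stack:
        rc = results[module]
        if control == "required":
            if rc == SUCCESS:
                succeeded = True
            elif failure is None:
                failure = rc            # remembered, but the stack keeps running
        elif control == "requisite":
            if rc != SUCCESS:
                return failure or rc    # fail immediately
            succeeded = True
        elif control == "sufficient":
            if rc == SUCCESS and failure is None:
                return SUCCESS          # stop here, access granted
            # a failing "sufficient" module is ignored
        else:
            raise ValueError(f"unsupported control flag: {control}")
    if failure is not None:
        return failure
    return SUCCESS if succeeded else PERM_DENIED

# The active account lines as posted: pam_ldap is only "sufficient".
POSTED = [("required", "pam_unix"), ("sufficient", "pam_localuser"),
          ("sufficient", "pam_ldap")]
# Assumed correction: same order, pam_ldap promoted to "required".
CHANGED = [("required", "pam_unix"), ("sufficient", "pam_localuser"),
           ("required", "pam_ldap")]

# Constructed scenarios (assumed return codes, see lead-in).
LDAP_USER_WRONG_HOST = {"pam_unix": SUCCESS, "pam_localuser": PERM_DENIED,
                        "pam_ldap": PERM_DENIED}
LDAP_USER_RIGHT_HOST = {"pam_unix": SUCCESS, "pam_localuser": PERM_DENIED,
                        "pam_ldap": SUCCESS}
LOCAL_USER = {"pam_unix": SUCCESS, "pam_localuser": SUCCESS,
              "pam_ldap": USER_UNKNOWN}

if __name__ == "__main__":
    for name, stack in (("posted", POSTED), ("changed", CHANGED)):
        print(name, run_stack(stack, LDAP_USER_WRONG_HOST))
```

In the posted stack the pam_ldap denial is discarded because the module is `sufficient`, so the earlier pam_unix success decides the result; the error message is still displayed, which matches the behaviour described in the post.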