login restriction
Roberto C. Sánchez
roberto at connexer.com
Wed Mar 12 06:43:08 EDT 2008
On Wed, Mar 12, 2008 at 10:29:07AM +0100, Marcin N wrote:
> Hello again
> I'm wondering if it is possible to make restriction on which hosts users
> authorized by kerberos can log on.
> For now only users who have local account (so they are in /etc/password
> and /etc/shadow) can log in to the machine.
> But is there possibility to control it via any kind of access list or
> something like that - which would be managed on kdc?
> i would like to have all users local accounts on every machine and
> decide which user can log to specific machine by setting it on kdc...
> is it possible?
>
Kerberos is for authentication, not authorization. You use something
like LDAP for authorization.
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080312/c245e4be/attachment.bin
More information about the Kerberos
mailing list