login restriction

Roberto C. Sánchez roberto at connexer.com
Wed Mar 12 06:43:08 EDT 2008


On Wed, Mar 12, 2008 at 10:29:07AM +0100, Marcin N wrote:
> Hello again
> I'm wondering if it is possible to make restriction on which hosts users 
> authorized by kerberos can log on.
> For now only users who have local account (so they are in /etc/password 
> and /etc/shadow) can log in to the machine.
> But is there possibility to control it via any kind of access list or 
> something like that - which would be managed on kdc?
> i would like to have all users local accounts on every machine and 
> decide which user can log to specific machine by setting it on kdc...
> is it possible?
> 
Kerberos is for authentication, not authorization.  You use something
like LDAP for authorization.

Regards,

-Roberto
-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080312/c245e4be/attachment.bin


More information about the Kerberos mailing list