login restriction
Franco Milicchio
senseiwa at mac.com
Wed Mar 12 06:57:52 EDT 2008
On Mar 12, 2008, at 11:43 AM, Roberto C. Sánchez wrote:
> On Wed, Mar 12, 2008 at 10:29:07AM +0100, Marcin N wrote:
>> Hello again
>> I'm wondering if it is possible to make a restriction on which hosts users
>> authorized by kerberos can log on.
>> For now only users who have a local account (so they are in /etc/password
>> and /etc/shadow) can log in to the machine.
>> But is there a possibility to control it via any kind of access list or
>> something like that - which would be managed on kdc?
>> I would like to have all users' local accounts on every machine and
>> decide which user can log in to a specific machine by setting it on kdc...
>> Is it possible?
>>
> Kerberos is for authentication, not authorization. You use something
> like LDAP for authorization.
Or use PAM with groups (either on LDAP or in /etc).
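
The following is an added example, not part of the original message: one way to do per-host login restriction with PAM and groups, assuming the Linux-PAM module pam_access, an sshd that runs with UsePAM enabled, and a hypothetical group named login-web01 (defined in LDAP or /etc/group) for the host web01.

```conf
# --- /etc/pam.d/sshd (account section only) ---
# Kerberos authentication stays in the auth section as already configured.
# The account stack runs after authentication succeeds, so this is where
# the per-host authorization decision is made.
account  required  pam_access.so

# --- /etc/security/access.conf on host web01 ---
# Format:  permission : users or (groups) : origins
# Lines are evaluated top to bottom and the first match decides.

# Keep a local root login available on the console.
+ : root : LOCAL

# Members of the group login-web01 (hypothetical name) may log in from
# anywhere. Parentheses mark the name as a group rather than a user.
# The group is resolved through NSS, so it can live in LDAP or /etc/group.
+ : (login-web01) : ALL

# Everyone else is refused, even with a valid Kerberos ticket or password.
- : ALL : ALL
```

Each host gets its own group, so granting or revoking access to a machine becomes a group membership change in the directory rather than an edit on the host.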