[28793] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: How can I prevent a user principal from accessing a kerberoized

daemon@ATHENA.MIT.EDU (Javier Palacios)
Mon Nov 26 12:10:32 2007

Message-ID: <a64bf030711260910p50336baema4eabfdfe8d47d6a@mail.gmail.com>
Date: Mon, 26 Nov 2007 18:10:10 +0100
From: "Javier Palacios" <javiplx@gmail.com>
To: "Amir Saad" <eng__amir@hotmail.com>
In-Reply-To: <BAY124-W20D0BF889F9F6E8D667999B4740@phx.gbl>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Nov 25, 2007 8:40 AM, Amir Saad <eng__amir@hotmail.com> wrote:
>
> I use MIT Kerberos 5 & OpenLDAP to manage my network users. I can login successfully to all machines using my Kerberos principal. I need to create a limited account that is able to access only a few hosts/services not all machines/services. How can I do this?

It is not too flexible, but search for pam_groupdn and pam_member_attribute.

Javier Palacios
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[28793] in Kerberos

Re: How can I prevent a user principal from accessing a kerberoized

daemon@ATHENA.MIT.EDU (Javier Palacios)Mon Nov 26 12:10:32 2007

daemon@ATHENA.MIT.EDU (Javier Palacios)
Mon Nov 26 12:10:32 2007