« Return to Thread: multiple pam_groupdn or other solution for multiple group restriction

multiple pam_groupdn or other solution for multiple group restriction

by jlintz :: Rate this Message:

Hi,

I see that it's not possible to put multiple groups in pam_groupdn and
I was wondering if there is a workaround solution for allowing users
of multiple groups to access a server? I saw a couple years ago in
the archives someone mentioned a patch they wrote for multiple
pam_groupdns but that doesn't seem ideal to use in a large scale
deployment and would cause issues with future upgrades. Currently as
a workaround I'm using sshd's AllowGroups setting and not doing any
filtering at the pam leve. The only problem with this is now if I
have any other application that uses pam for authentication (ie.
vsftpd) it won't have any restrictions on who can login.

- Justin Lintz

« Return to Thread: multiple pam_groupdn or other solution for multiple group restriction