[Infrastructures] authentication of groups of users

[Ivan Popov]

On Sun, May 01, 2005 at 02:34:06PM +0200, Rudy Gevaert wrote:
> How does one easily setup systems that allow only some people to
> login?
> 
> E.g. the on the main servers only a couple of people are allowed to
> login.

Hi Rudy,

we are using pam_require, though of course it is only applicable to
pam-aware systems.

> But what with using LDAP as directory server and authentication
> server? What can you do to accomplish the same effect?  
> 
> And what with Kerberos (and a directory server of your choice)?

Kerberos is capable of authentication, but not authorization.
pam_require (with a trustable name service, like local files)
does a good job at authorization.

Regards,
--
Ivan