[Infrastructures] authentication of groups of users

David Magda <dmagda@ee.ryerson.ca>
Sun, 1 May 2005 15:51:11 -0400


On Sun, May 01, 2005 at 02:34:06PM +0200, Rudy Gevaert wrote:

> How does one easily set up systems that allow only some people to
> log in?

Which operating system is this for?

> But what with using LDAP as directory server and authentication
> server? What can you do to accomplish the same effect?

You can accomplish this the same way under Solaris, HP-UX and (I
think) Linux with LDAP using "compat" in nsswitch.conf. See the
nsswitch.conf(4/5) man page for details.

> And what with Kerberos (and a directory server of your choice)?

Kerberos is only about authentication. There is no authorization
mechanism that would do this in the Kerberos protocol (i.e., it only
proves that a person is who they claim to be, not what they're
allowed to do).

> What are some ways to do this?

A vague question will produce vague answers. Can you provide more
details on the environment in question?

-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
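
The "compat" approach mentioned in the reply, sketched as an added example that is not part of the original message. It assumes a glibc-style Linux host whose LDAP NSS module also serves netgroups; the netgroup names `sysadmins` and `webteam` are hypothetical, and the `#` lines are annotations for the reader.

```conf
# ---- /etc/nsswitch.conf ----
# "compat" makes the passwd lookup read /etc/passwd first and honour
# the +/- inclusion entries found there.
passwd:         compat
# Source consulted when a +/- entry has to be resolved (default: nis).
passwd_compat:  ldap
# Group membership still comes straight from files, then LDAP.
group:          files ldap
# Netgroups named in +@ entries are looked up in LDAP as well.
netgroup:       ldap

# ---- tail of /etc/passwd (local accounts such as root stay above) ----
# Entries are evaluated top to bottom; the first match for a user wins.
# Members of these (hypothetical) netgroups get their full LDAP entry,
# including their real login shell.
+@sysadmins::::::
+@webteam::::::
# Every other LDAP user still resolves, so file ownership shows names,
# but the shell field is overridden and interactive login is refused.
+::::::/sbin/nologin
```

Running `getent passwd <user>` on the host shows which shell a given account ends up with. The shell override only restricts services that honour the login shell, so services that authenticate without starting a shell need their own access control.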