On Fri, May 22, 2009 at 5:16 PM, Dumbo Q <dumboq(a)yahoo.com> wrote:
Thank you for the quick reply.
I also have a question about the posix groups.
To create a user in ds, the idm-console has a form which is quite easy. I
can also use this to create "Groups", but they are not unix groups. I assume
these are simply to keep organized all the users.
To add a unix group i have to create->new->other, and choose posix group.
Then i manually pick the gidnumber. It does not seem to matter where i
place this posix group. My first thought is that it is going to get very
messy trying to keep track of each users posixgroup.
secondly, does this seem like a good plan for authentication structure
\- all posix groups here.
But then how would i say users in companyb can only login to some hosts?
Fedora-directory-users mailing list
I use 'pam groupdn'
This allows you to create an object with a list of users dn's that can
log in. You can also use netgroups but this way is clean and has very
little configuration. You can also set a login group in sshd_config.
But then each of your machines will have a different sshd_config.