Re: schema for NSS LDAP with not all accounts active
- To: Alexander Reelsen <firstname.lastname@example.org>
- Cc: email@example.com
- Subject: Re: schema for NSS LDAP with not all accounts active
- From: Russell Coker <firstname.lastname@example.org>
- Date: Thu, 29 Mar 2001 22:19:44 +1000
- Message-id: <01032922194401.00685@lyta>
- Reply-to: Russell Coker <email@example.com>
- In-reply-to: <20010329100830.A2549@joker.rhwd.owl.de>
- References: <01032910033900.00685@lyta> <20010329100830.A2549@joker.rhwd.owl.de>
On Thursday 29 March 2001 18:08, Alexander Reelsen wrote:
> On Thu, Mar 29, 2001 at 10:03:39AM +1000, Russell Coker wrote:
> > So the question is, what attribute should I use?
> This is the minor question IMHO.

Not so minor if you want to avoid having your schema break other software you
may want to run in future...

> > Another question is, does anyone have any other suggestions for doing
> > such things?
> I would like to do this as well. If you authenticate using PAM and want to
> exclude users from using ftpd and ssh, but still give them pop3/imap
> accounts it would be nice to have such a thing without using pam_listfile.
> I think the easiest way would be to patch pam_ldap to support some sort of
> query arg in the /etc/pam.d/service file. Like 'query="popd=allowed"' or

Why not just make the shell /bin/false for when you want to stop ftp and ssh,
and make the shell /bin/true (and put /bin/true in /etc/shells) to allow ftp
but not ssh? This is the traditional method of doing such things and it

I've replied to the list because I don't believe you wanted this discussion
to be private and I think others on the list will benefit.
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
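
The shell-based scheme suggested in the message above, as an added example that is not part of the original e-mail: a small audit that reads passwd-format and /etc/shells-format text and reports what each account's shell leaves usable. The service behaviour it models (ftpd checks /etc/shells, sshd just runs the shell, POP3/IMAP ignore the shell) is an assumption about the daemons in use, and the function names and sample accounts are constructed for illustration.

```python
# Added example: models the shell-based restriction suggested in the message.
# Assumptions: ftpd refuses accounts whose shell is not in /etc/shells, sshd
# runs whatever shell is set, and POP3/IMAP daemons ignore the shell field.
EXITS_AT_ONCE = {"/bin/false", "/bin/true"}

def parse_shells(text):
    """Return the set of shells named in /etc/shells-format text."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            shells.add(line)
    return shells

def classify(passwd_text, shells_text):
    """Map each login name to what its shell leaves usable."""
    listed = parse_shells(shells_text)
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue  # skip blank, comment and malformed entries
        shell = fields[6] or "/bin/sh"  # empty field means /bin/sh, passwd(5)
        accounts[fields[0]] = {
            "shell": shell,
            "ftp": shell in listed,
            "ssh_shell": shell not in EXITS_AT_ONCE,
        }
    return accounts

def audit(shells_text):
    """Warn when /etc/shells would undo the 'block ftp too' setting."""
    if "/bin/false" in parse_shells(shells_text):
        return ["/bin/false is listed in /etc/shells: ftp is no longer blocked"]
    return []

# Constructed sample data (not from the original thread).
SAMPLE_PASSWD = """\
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/true
carol:x:1003:1003::/home/carol:/bin/false
"""
SAMPLE_SHELLS = "# valid login shells\n/bin/sh\n/bin/bash\n/bin/true\n"

if __name__ == "__main__":
    for name, info in classify(SAMPLE_PASSWD, SAMPLE_SHELLS).items():
        print(name, info)
    print(audit(SAMPLE_SHELLS))
```

Text from `getent passwd` has the same seven-field format, so accounts served through NSS LDAP can be passed in as well.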