Dan MacNeil wrote:
>
> man sshd_config says:
>
>     AllowGroups
>         This keyword can be followed by a list of group name
>         patterns, separated by spaces. If specified, login
>         is allowed only for users whose primary group or
>         supplementary group list matches one of the patterns.
>         '*' and '?' can be used as wildcards in the patterns.
>         Only group names are valid; a numerical group ID
>         is not recognized. By default, login is allowed
>         for all groups.
>
> --I think somebody pointed this out to me. I don't think I read the man
> page on my own.

I am aware of that, but that would imply having POSIX groups which list who can log into which boxes. A user could do a "getent group groupname" to see who can access boxes, which worries me somewhat.

I am also aware of the pam_ldap filter setting that can limit on groupOfNames groups.

My question was more orientated towards how people are approaching the problem/whether it is even a problem?

S.

--
Simon Tennant ________________ http://imaginator.com/~simon/contact
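The following is an added example, not part of the original thread: a small audit helper that resolves which accounts a given AllowGroups line admits, using only the semantics in the man page excerpt quoted above (primary or supplementary group, '*' and '?' wildcards, names only). The account and group data are constructed samples in `getent passwd` / `getent group` format, and the function names are hypothetical.

```python
import re

# Constructed sample data in getent passwd / getent group format (assumption,
# not taken from the thread). carol has ssh-web01 as her *primary* group.
PASSWD = """\
alice:x:1001:100:Alice:/home/alice:/bin/bash
bob:x:1002:100:Bob:/home/bob:/bin/bash
carol:x:1003:2001:Carol:/home/carol:/bin/bash
"""
GROUP = """\
users:x:100:
ssh-web01:x:2001:alice
ssh-db01:x:2002:bob
wheel:x:10:carol
"""

def pattern_to_regex(pattern):
    """Compile an AllowGroups pattern; only '*' and '?' act as wildcards."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.S)

def groups_by_user(passwd_text, group_text):
    """Map each user to the names of their primary and supplementary groups."""
    gid_to_name, members = {}, {}
    for line in group_text.splitlines():
        name, _pw, gid, member_list = line.split(":")
        gid_to_name[gid] = name
        members[name] = [m for m in member_list.split(",") if m]
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        user, gid = fields[0], fields[3]
        groups = {gid_to_name[gid]} if gid in gid_to_name else set()
        groups.update(g for g, ms in members.items() if user in ms)
        result[user] = groups
    return result

def allowed_users(allow_groups_line, passwd_text=PASSWD, group_text=GROUP):
    """Return the sorted users admitted by an 'AllowGroups ...' line."""
    # Patterns are compared with group *names*, so a numeric GID matches nothing
    # unless a group is literally named that way.
    regexes = [pattern_to_regex(p) for p in allow_groups_line.split()[1:]]
    user_groups = groups_by_user(passwd_text, group_text)
    return sorted(user for user, groups in user_groups.items()
                  if any(r.fullmatch(g) for r in regexes for g in groups))
```

Feeding it the real output of `getent passwd` and `getent group` shows both what sshd would admit and what any local user can already read about per-host access groups.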