Adding LDAP netgroup access control to pam_access.so via access.conf
I'm trying to apply access controls to a Debian Sarge (libc6) system
using netgroups that have been added to LDAP. LDAP Authentication
already works. The /etc/nsswitch.conf file has the line
"netgroup: ldap". I can also use getent to show me the netgroup
triples that I want to see. I feel pretty confident that I have
properly distributed the netgroup map to the client via LDAP.
What's not working is applying netgroups as an access control
mechanism. I added the following to /etc/security/access.conf:
+ : root : LOCAL
+ : @sysadmins : ALL
- : ALL : ALL
I also uncommented the line "account required pam_access.so" in
/etc/pam.d/login. I've been testing with ssh access. I tried
restarting sshd. I also restarted nscd after making changes.
The net effect is that there are still no access controls.
I may be missing something, but I can't figure out what it is. Any
suggestions?
Thanks,
--Bruce
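
What the three access.conf rules quoted in the message are written to express, as an added example that is not part of the original post and is not pam_access's own code: a simplified Python model of first-match rule evaluation. The netgroup members, user names and origins are constructed, and the model handles only the ALL, LOCAL, @netgroup and literal-name tokens.

```python
# Simplified model of pam_access first-match evaluation (illustration only).
# Constructed netgroup data: triples are (host, user, domain); None is a wildcard.
NETGROUPS = {"sysadmins": [(None, "alice", None), (None, "bob", None)]}

# The rules exactly as quoted in the message.
RULES = """\
+ : root : LOCAL
+ : @sysadmins : ALL
- : ALL : ALL
"""

def parse_rules(text):
    """Parse 'permission : users : origins' lines, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError("bad permission field: %r" % perm)
        rules.append((perm, users.split(), origins.split()))
    return rules

def user_matches(token, user):
    if token == "ALL":
        return True
    if token.startswith("@"):  # netgroup lookup on the user field of each triple
        triples = NETGROUPS.get(token[1:], [])
        return any(u is None or u == user for _, u, _ in triples)
    return token == user

def origin_matches(token, origin, is_remote):
    if token == "ALL":
        return True
    if token == "LOCAL":  # modeled as: the login did not come over the network
        return not is_remote
    return token == origin

def access_allowed(rules, user, origin, is_remote):
    """The first rule whose user and origin fields both match decides."""
    for perm, users, origins in rules:
        if any(user_matches(t, user) for t in users) and \
           any(origin_matches(t, origin, is_remote) for t in origins):
            return perm == "+"
    return True  # no rule matched: access is granted
```

This models only the decision pam_access makes once it is invoked; the module is consulted only by services whose PAM configuration lists it.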