Can you use LDAP and PAM to implement a restricted shell and control those users via groups on the LDAP DC?
I would like to do this for several Red Hat, Solaris and Ubuntu servers.
Thanks!
The very short answer is yes. However, your question is rather broad and answering it in full is outside the scope of this site.
The general outline is to use nss-ldap to pull posixGroups via LDAP and have sshd use those groups as the condition for a Match block with a ForcedCommand directive.
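To make the outline above concrete, here is an added example (not from the original answer) of the three pieces working together: the nsswitch.conf lines that let sshd see LDAP posixGroups, the sshd_config Match block, and the script the forced command runs. Note that the sshd_config directive is spelled ForceCommand (sshd_config(5)); Match and ForceCommand need OpenSSH 4.4 or later, and Match Group tests the supplementary groups NSS returns, so the LDAP group must be a posixGroup whose memberUid entries name the users. The group name ldap-restricted, the wrapper path /usr/local/sbin/restricted-shell and the small command allowlist are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the original answer). Group name, wrapper path and
# allowlist are assumptions.
#
# /etc/nsswitch.conf (assumed): let getgrnam()/initgroups() see LDAP groups
#   passwd: files ldap
#   group:  files ldap
#
# /etc/ssh/sshd_config fragment (assumed group name and path):
#   Match Group ldap-restricted
#       ForceCommand /usr/local/sbin/restricted-shell
#       AllowTcpForwarding no
#       X11Forwarding no
#       PermitTunnel no
#
# /usr/local/sbin/restricted-shell (this file). With ForceCommand, sshd never
# runs what the client asked for; it puts the request in SSH_ORIGINAL_COMMAND
# and runs this script instead, so the allowlist below is the whole policy.

# Exact-match allowlist. Prints the command to run on success, returns 1 on
# refusal. Anything containing shell metacharacters is refused first, so
# "uptime; cat /etc/shadow" cannot slip past a listed prefix.
restricted_check() {
    case "$1" in
        *['&;|<>$()`\']*) return 1 ;;
        uptime|who|"df -h"|"uptime -s")
            printf '%s\n' "$1"; return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    user=${USER:-$(id -un)}
    # A plain "ssh host" arrives with SSH_ORIGINAL_COMMAND unset: no shell.
    if [ -z "${SSH_ORIGINAL_COMMAND:-}" ]; then
        logger -t restricted-shell "denied interactive login for $user"
        echo "interactive login is not permitted for this account" >&2
        exit 1
    fi
    cmd=$(restricted_check "$SSH_ORIGINAL_COMMAND") || {
        logger -t restricted-shell "denied for $user: $SSH_ORIGINAL_COMMAND"
        echo "command not permitted" >&2
        exit 1
    }
    logger -t restricted-shell "$user ran: $cmd"
    # exec so no shell process outlives the command; word splitting of $cmd is
    # safe because it came from the fixed allowlist above.
    exec $cmd
}

# Only dispatch when installed under the expected name, so the functions can
# be sourced and checked without running anything.
case "$0" in */restricted-shell) main ;; esac
```

After installing, confirm that sshd resolves the LDAP group and applies the block with extended test mode, e.g. `sshd -T -C user=jdoe,host=client.example.org,addr=192.0.2.10 | grep -i forcecommand` for a user who is a memberUid of the group; if `getent group ldap-restricted` does not list the user, the Match block will not fire regardless of what LDAP holds.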