Date: Thu, 25 May 2006 15:59:03 +0400 From: Alexander Pyhalov <alp@rosten.elektra.ru> To: freebsd-questions@freebsd.org Subject: pam and group control Message-ID: <200605251559.03672.alp@rosten.elektra.ru>
next in thread | raw e-mail | index | archive | help
I have the following situation. FreeBSD machine is a member of Active Directory, and we have in /etc/pam.d/sshd: auth sufficient /usr/local/lib/pam_winbind.so auth required pam_unix.so no_warn try_first_pass account required pam_login_access.so account required pam_unix.so broken_shadow account sufficient /usr/local/lib/pam_winbind.so debug account required pam_permit.so session required /usr/local/lib/pam_mkhomedir.so password sufficient /usr/local/lib/pam_winbind.so use_authok debug password required pam_unix.so no_warn try_first_pass So, users from AD domain have access to the server throw ssh. Is there some pam module for FreeBSD (as pam_succeed_if.so in Linux) to control Windows groups that have access to the server? Or maybe there is other way to grant permission to login to BSD system only for some groups?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605251559.03672.alp>