From: Maciej Milewski
To: freebsd-questions@freebsd.org
Cc: Olivier Nicole
Date: Mon, 23 Feb 2009 14:17:39 +0100
Subject: Re: LDAP pam

On Monday 23 February 2009 10:37:19 Olivier Nicole wrote:
> I want the web server to be able to know the users' accounts stored on
> LDAP, but not provide authentication; so I can have URLs of the form
> http://my.web/~john/index.html for the user john, where john's home
> directory is NFS mounted from the file server, but I don't want john
> to be able to log onto the web server.
>
> Of course certain users will be allowed to log onto the web server.
>
> How can this be done with LDAP and PAM?
>
> TIA,
>
> Olivier

If you don't want to let users log on to the server through SSH, you can use
the DenyUsers/AllowUsers directives in sshd_config.

As for LDAP and PAM/system, there should be some howtos on the net. In short:
you will need to install nss_ldap and pam_ldap and set them up correctly to get
users from LDAP showing in your system.

Maciek
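
The DenyUsers/AllowUsers approach from the reply, as an added example that is not part of the original message: a simplified shell model of how sshd evaluates the two directives, run against a constructed sshd_config. The helper function names, the sample file and every account name except john are assumptions; Match blocks, user@host patterns and group directives are not modelled.

```shell
#!/bin/sh
# Simplified model of sshd's DenyUsers/AllowUsers decision for one login name.
# Assumptions: global section only (parsing stops at the first Match block),
# plain name patterns with * and ? (no user@host, no negation, no group
# directives), and patterns from every matching line are collected.

# users_for KEYWORD FILE: print each pattern listed for KEYWORD, one per line.
users_for() {
    awk -v kw="$1" '
        $1 ~ /^#/               { next }   # comment line
        tolower($1) == "match"  { exit }   # Match blocks are not modelled
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$2"
}

# matches USER LIST: succeed if USER matches a pattern in newline-separated LIST.
matches() {
    while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        # $pat is deliberately unquoted so * and ? act as wildcards
        case "$1" in $pat) return 0 ;; esac
    done <<EOF
$2
EOF
    return 1
}

# ssh_login_allowed USER FILE: exit status 0 if USER may log in, 1 if not.
ssh_login_allowed() {
    deny=$(users_for DenyUsers "$2")
    allow=$(users_for AllowUsers "$2")
    if matches "$1" "$deny"; then return 1; fi   # DenyUsers is checked first
    if [ -z "$allow" ]; then return 0; fi        # no AllowUsers: no allowlist
    matches "$1" "$allow"                        # otherwise only listed names pass
}

# Constructed sample: john is the LDAP-only web user from the post; the other
# account names are made up for this example.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# sshd_config (constructed sample)
allowusers webadmin backup*
DenyUsers backup-test
EOF
for u in john webadmin backup1 backup-test; do
    if ssh_login_allowed "$u" "$SAMPLE"; then echo "$u: allowed"; else echo "$u: denied"; fi
done
```

With an AllowUsers line present, john is refused at SSH login even though nss_ldap still resolves the account for the web server.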