Date: Thu, 24 Jun 1999 00:04:30 -0400 (EDT)
From: "John W. DeBoskey" <jwd@unx.sas.com>
To: freebsd-hackers@freebsd.org
Subject: Login validation by home directory location (PAM?)
Message-ID: <199906240404.AAA34801@bb01f39.unx.sas.com>

Hi,

I have an administration problem that I'm trying to solve and I'm looking for comments and ideas.

I have about 6000 users in the passwd file. We have a number of compute servers available to these users which (the boss) wants to have allocated according to where the user's home directory is located. All the home directories are mounted via amd on a /nfs/machine.name.domain/ mount point.

    user1:::::/nfs/m1/usr/home/user1
    user2:::::/nfs/m1/usr/home/user2
    user3:::::/nfs/m1/usr/home/user3

For example, I want to allow user2 access to host server2, but not hosts server1 or server3.

I don't want to have a lot of passwd file maintenance, so I thought about modifying login to validate on the user's home directory. So, in auth_traditional(), I check to see where the home directory is, and if it is valid for the current machine I authorize the login, otherwise I output an access denied msg and return failure.

There must be a better way of doing this, but I don't see how. I've looked at PAM, but I don't understand how I could make this type of facility work except maybe in the pam_authenticate() routine. However, this seems complicated compared to simply modifying auth_traditional().

I'd appreciate any comments from folks who have done anything similar or used PAM to solve a related type of management issue.

Thanks!
John
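The home-directory check described in the message, sketched as a standalone C function (an added example, not code from the original post or from FreeBSD's login). The name `home_allowed_here`, the per-host list of permitted file servers and the sample paths are assumptions; the function compares the whole `/nfs/<server>/` component and denies anything malformed.

```c
/* Added example: hypothetical helper, not FreeBSD login code. */
#include <stdio.h>
#include <string.h>

#define NFS_PREFIX "/nfs/"

/* True if any path component is exactly "..". */
static int has_dotdot(const char *p)
{
    while ((p = strstr(p, "/..")) != NULL) {
        if (p[3] == '/' || p[3] == '\0')
            return 1;
        p += 3;
    }
    return 0;
}

/* Return 1 if home is "/nfs/<server>/..." and <server> is in the
 * NULL-terminated allow list for this host; 0 otherwise (fail closed). */
int home_allowed_here(const char *home, const char *const *allowed)
{
    const char *srv, *end;
    size_t n, i;

    if (home == NULL || allowed == NULL)
        return 0;
    if (strncmp(home, NFS_PREFIX, sizeof NFS_PREFIX - 1) != 0 || has_dotdot(home))
        return 0;
    srv = home + sizeof NFS_PREFIX - 1;
    end = strchr(srv, '/');          /* a path below the server is required */
    if (end == NULL || end == srv)
        return 0;
    n = (size_t)(end - srv);
    for (i = 0; allowed[i] != NULL; i++)   /* exact match, never a prefix */
        if (strlen(allowed[i]) == n && memcmp(srv, allowed[i], n) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: this host serves users whose homes are on "m2". */
    const char *const allowed[] = { "m2", NULL };
    const char *homes[] = { "/nfs/m1/usr/home/user1", "/nfs/m2/usr/home/user2",
                            "/nfs/m2/../m1/usr/home/user3" };
    size_t i;

    for (i = 0; i < sizeof homes / sizeof homes[0]; i++)
        printf("%-32s %s\n", homes[i],
               home_allowed_here(homes[i], allowed) ? "allow" : "deny");
    return 0;
}
```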