On Wednesday, 1 August 2012 22:21:07 Qian Zhang wrote:

 

> BTW, I do not know how to configure PAM to only allow a group or some

> groups to login the machine, if anyone can tell me the steps, it will

> be really appreciated!

 

This isn't specific to LDAP or any other nss plugin, but specific to PAM. You may want to look at the pam_listfile or pam_succeedif plugins, which should both be able to do this for any group (local, LDAP, other nss plugin).

 

Regards,

Buchan