And fyi, here's an example... For a given host:
you use the authorizedService attribute to list the PAM services that
available. Then you set ACLs to control who can access each service,
access to dn.subtree=ou=hosts,dc=example,dc=com
    by group.exact="cn=admins,ou=groups,dc=example,dc=com" write
    by peername.ip=192.168.2.0%255.255.255.0 read
    by * search
The overlay performs a Compare operation to check for the required
if you deny Compare access to a particular service, then users aren't
to use that service.
Very nice! We did something like this for a hosting company that had user accounts with
the services that
the user was allowed to access and the specific apps had the appropriate filters in the
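Added example (not part of the original messages and not OpenLDAP code): a small Python model of how slapd picks an access level from the ordered "by" clauses of the ACL quoted above, and whether that level is enough for a Compare. The restricted rule, the cn=shell-users group and the function names are hypothetical.

```python
import ipaddress

# slapd access levels, lowest to highest privilege
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# <by> clauses of the ACL quoted in the thread, in order
HOSTS_ACL = [
    ("group.exact", "cn=admins,ou=groups,dc=example,dc=com", "write"),
    ("peername.ip", "192.168.2.0%255.255.255.0", "read"),
    ("*", None, "search"),
]

# Constructed, hypothetical rule for one service value: only a
# cn=shell-users group (an assumption, not on the page) reaches "compare"
RESTRICTED_ACL = [
    ("group.exact", "cn=shell-users,ou=groups,dc=example,dc=com", "compare"),
    ("*", None, "none"),
]

def granted_level(acl, groups, peer_ip):
    """Level from the first matching <by> clause; slapd stops there by default."""
    for who, value, level in acl:
        if who == "*":
            return level
        if who == "group.exact" and value in groups:
            return level
        if who == "peername.ip":
            net, mask = value.split("%")
            if ipaddress.ip_address(peer_ip) in ipaddress.ip_network(f"{net}/{mask}"):
                return level
    return "none"  # no clause matched: implicit "by * none"

def may_compare(acl, groups, peer_ip):
    """True if the granted level is at least "compare"."""
    return LEVELS.index(granted_level(acl, groups, peer_ip)) >= LEVELS.index("compare")

if __name__ == "__main__":
    # Constructed requesters: (groups, client address)
    for groups, ip in [(set(), "10.0.0.5"), (set(), "192.168.2.77")]:
        print(ip, granted_level(HOSTS_ACL, groups, ip), may_compare(RESTRICTED_ACL, groups, ip))
```

Since "search" ranks above "compare", the quoted ACL by itself lets any client pass a Compare; a service is only denied once a rule leaves the requester below "compare".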