Re: What will happen if a user is a member of a group, but has another group as its primary group

Thursday, 2 August 2012

(CCing the list)

On 08/03/12 11:31 +0800, Qian Zhang wrote:
...
I am just wondering if there is a well-known rule for this use case,
I'd like to follow the general acceptable way. So most of people think
user1 should not log into the machine in this case, I will ingore
gidNumber and only care about memberUid attribute. 
Personally, I prefer to place authorization attributes within the user's dn,
rather than to maintain groups for the same purpose, but I have done it
both ways in the past.

Using 'nssov-pam userhost [...]' would be a good way to do that.

-- 
Dan White

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007