Am Donnerstag, 17. Dezember 2009 schrieb Jonas Smedegaard: > Please describe what is your scenario (e.g. are diskless? times? > users? other issues? involved). > Okay. I'll try once more:
User lib01 (in ldap) should only be allowed to login from static50 (10.0.2.100) - a semi-public accessible machine in our library. Especially, the anonymous account lib01 should not be used from within a class lab. The more I think about it, I feel there is a seperate solution for different protocols/profiles: For LTSP, it's not a big deal to block user lib01 in Xsession, I think. For workstations, it might get a bit harder, but possibly lib01 could get a .profile script closing the session if run from the wrong host. For Samba clients, there might be a way either in login.bat or in smb.conf to restrict login to specific hosts. But as all kind of protocols/profiles log to auth.log, pam could still be a central point of blocking... Regards Ralf -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

