On Thursday 29 March 2001 18:08, Alexander Reelsen wrote: > On Thu, Mar 29, 2001 at 10:03:39AM +1000, Russell Coker wrote: > > So the question is, what attribute should I use? > > This is the minor question IMHO.
Not so minor if you want to avoid having your schema break other software you may want to run in future... > > Another question is, does anyone have any other suggestions for doing > > such things? > > I would like to do this as well. If you authenticate using PAM and wnat to > exclude users from using ftpd and ssh, but still give them pop3/imap > accounts it would be nice to have such a thing without using pam_listfile. > I think the easiest way would be to patch pam_ldap to support some sort of > query arg in the /etc/pam.d/service file. Like 'query="popd=allowed"' or > similar. Why not just make the shell /bin/false for when you want to stop ftp and ssh, and make the shell /bin/true (and put /bin/true in /etc/shells) to allow ftp but not ssh? This is the traditional method of doing such things and it still works... I've replied to the list because I don't believe you wanted this discussion to be private and I think others on the list will benefit. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
