On Fri, 12 Feb 2010, Sean Carolan wrote:
For example, we might have a group called db-ssh that defines a user
group allowed to access database servers. Then we just make sure DB
hosts get AllowGroups db-ssh added to their SSH configs. Plopping a
user into the db-ssh group in LDAP then
It's not clear to me what OS/distribution you're doing this on, but for
the most part we have cfengine run authconfig on our Red Hat boxes to
set up the basic LDAP auth (it's a one-liner if done that way), and then
push around the sshd_config file.
We have a combination of CentOS and Red Hat