When "LUM-enable" services like ssh on OES servers, all LUM-enabled users can ssh into these servers by default. The eDir object attribute uamPosixPAMServiceExcludeList can be used to limit this access, by populating this attribute on a eDir group and assigning the users (who should not be able to ssh) to that group.

This feature is available only for regular eDir groups so far. Extending it onto dynamic groups would allow a more automated and less error-prone configuration.

by: Frank L. | over a year ago | Linux User Mgt (LUM)