Winbind PAM.D AD Groups, CentOS 5, Allow Only?

view full story

http://unix.stackexchange.com – I'm attempting to create a configuration, where users in specified AD groups can log in. I'm having trouble stopping every AD user from logging in. I've been doing this though /etc/pam.d/sshd/ but is such a setup possible through /etc/pam.d/login? Wouldn't that be a safer option? I also really dislike winbind, and prefer the Kerberos+LDAP method, but unfortunately I'm not able to switch at this moment. I appreciate any help, as I've been reading for a while and have not found solid direction. These are the current pam.d configuration files, /etc/pam.d/system-auth #%PAM-1.0 # This fil (HowTos)