[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Deny auth based on client

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: Deny auth based on client
From: Shanker Balan <shanu@exocore.com>
Date: Tue, 31 Jul 2001 11:21:24 +0530
Content-disposition: inline
In-reply-to: <3B6582DC.DAED741F@quris.com>; from asparks@quris.com on Mon, Jul 30, 2001 at 09:53:00AM -0600
Organisation: Exocore Consulting (P) Ltd <http://www.exocore.com>
References: <Pine.GSO.4.33.0107301009090.3340-100000@sirius.aero.und.edu> <3B6582DC.DAED741F@quris.com>
User-agent: Mutt/1.2.5i

Hello:

Alan Sparks wrote,
> Add an attribute "host" to the user entry, where the value is the
> fully-qualified name of the host he's allowed to log into.  Add as
> many of these "host" attributes as you need, each the name of a
> machine he's allowed on.
> 
> The standard behavior is to allow access to all hosts if the "host"
> attributes are missing, and allow only to the specified hosts is one
> or more host attributes exist.

This is a very neat feature and works very well too, just tried it on
my myself :)

Instead of hostnames, can I use domain names to restrict auth (or even
wild cards)? The following don't work:

host: .mydomain.com
host: mydomain.com
host: *.mydomain.com

-- Shanu

-- 
 ------------------------------------------( Shanu )-----
 Shanker Balan            http://people.exocore.com/shanu
 God is silent. Now if we can only get Man to shut up.

Follow-Ups:
- Re: Deny auth based on client
  - From: Alan Sparks <asparks@quris.com>

References:
- Deny auth based on client
  - From: Andrew C Altepeter <aaltepet@cs.und.edu>
- Re: Deny auth based on client
  - From: Alan Sparks <asparks@quris.com>

Prev by Date: SSL/TLS problem (unknown protocol)
Next by Date: Re: SSL/TLS problem (unknown protocol)
Index(es):
- Chronological
- Thread