[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Deny auth based on client

To: Shanker Balan <shanu@exocore.com>
Subject: Re: Deny auth based on client
From: Alan Sparks <asparks@quris.com>
Date: Tue, 31 Jul 2001 09:00:58 -0600
Cc: OpenLDAP-software@OpenLDAP.org
Organization: Quris, Inc.
References: <Pine.GSO.4.33.0107301009090.3340-100000@sirius.aero.und.edu> <3B6582DC.DAED741F@quris.com> <20010731112124.B2499@exocore.com>

Shanker Balan wrote:
> > The standard behavior is to allow access to all hosts if the "host"
> > attributes are missing, and allow only to the specified hosts is one
> > or more host attributes exist.
> 
> Instead of hostnames, can I use domain names to restrict auth (or even
> wild cards)? The following don't work:
[snip]

Don't think so.  Code wouldn't appear to support it directly.
You might be able to simulate the behavior with the pam_filter ldap.conf
config directive...

pam_filter host=*.mydomain.com

Note that you might have to use an attribute other than "host", to avoid
conflicts with the built-in meaning to pamldap...

HTH.
-Alan

-- 
Alan Sparks, Sr. UNIX Administrator	asparks@quris.com
Quris, Inc.				(720) 836-2058

References:
- Deny auth based on client
  - From: Andrew C Altepeter <aaltepet@cs.und.edu>
- Re: Deny auth based on client
  - From: Alan Sparks <asparks@quris.com>
- Re: Deny auth based on client
  - From: Shanker Balan <shanu@exocore.com>

Prev by Date: Re: Openldap and Solaris 8
Next by Date: Re: Openldap and Solaris 8
Index(es):
- Chronological
- Thread