[Date Prev][Date Next]
Re: Deny auth based on client
Shanker Balan wrote:
> > The standard behavior is to allow access to all hosts if the "host"
> > attributes are missing, and allow only to the specified hosts is one
> > or more host attributes exist.
> Instead of hostnames, can I use domain names to restrict auth (or even
> wild cards)? The following don't work:
Don't think so. Code wouldn't appear to support it directly.
You might be able to simulate the behavior with the pam_filter ldap.conf
Note that you might have to use an attribute other than "host", to avoid
conflicts with the built-in meaning to pamldap...
Alan Sparks, Sr. UNIX Administrator firstname.lastname@example.org
Quris, Inc. (720) 836-2058