Re: Limiting finger lookup access on Linux
Yes, or a configuration for PAM that limits which users it provides
On Sep 12, 2009, at 9:17 PM, Howard Chu wrote:
Brett @Google wrote:
On Sat, Sep 12, 2009 at 1:08 AM, Rex Roof <firstname.lastname@example.org
I have some Linux machines that I have configured for student
access. We are authenticating against our OpenLDAP tree and
limiting which users have access via an LDAP groupOfNames. This
is all working perfectly.
This is the problem I am having. Any user with access to the
system can run the /usr/bin/finger command and do a name search
against our entire LDAP tree. I would like to limit the info
available via finger to just the users that have access to any
particular machine. How can this be controlled?
This sounds more like a firewall / iptables issue to your finger
than anything else?
No, doesn't sound like that to me.
Essentially he wants an ACL that grants access to nss-ldap searches
the target entries belonging to a group associated with a particular
But at the moment, I can't think of any mechanism to do this in the
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/