[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Limiting host access

On Wed, Nov 23, 2011 at 7:18 PM, Buchan Milne <bgmilne@staff.telkomsa.net> wrote:
On Tuesday, 22 November 2011 13:35:22 Jayavant Patil wrote:

>>   I got the desired solution. Thanks Buchan !!!
>>  My next query is as follows:
>>   Suppose we have 1000 hosts and we want to give 'user1' access to 999
>> hosts (with 1 restricted host). Then, in such case, we need to specify all
>> 999 permitted host names in .ldif file.
>>   There are wildcards like '*' stands for all hosts and '!' stands for
>> excluding host.
>>   e.g.
>>  1. host: *
>>     will allow access to all client nodes.
>>   2. host: !n1000
>>   will not allow access to n1000 client node.
>>   In the above mentioned scenario, when I specify the following it doesn't
>> work:
>>   host: *
>>   host: !n1000
>>   It will allow access to all 1000 hosts.

>What is the output of 'hostname' for the host you have indicated here as
>'n1000' ?

>Also, have you tested the case of only allowing access to this host, using:

>host: n1000

    yes, this is working (just a single host entry i.e. host: n1000 or host: * or host: !n1000). Still my question is how do I use the two host entries as specified in scenario above (1) ans (2) in order to restrict access to n1000 client node and allowing access to all other 999 client nodes without specifying hostnames for these 999 hosts?

>(and no other host entries)

>>   when I specify the following:
>>   host: *,!n1000

>I don't think this is correct.

>>    It is restricting access to all 1000 hosts.
>> Does anybody know how to use these wildcards(*,!) to get the desired
>> solution?

>From my brief look at the source, the first example you have in (2) above
>should work, assuming the hostname you have used is correct.



Thanks & Regards,
Jayavant Ningoji Patil
Engineer: System Software
Computational Research Laboratories Ltd.
Pune-411 004.
Maharashtra, India.
+91 9923536030.