[Date Prev][Date Next]
Re: Newbie question about host base authentication
that trick would work in particular cases, but not sure
that it would scale in a large number of lively machines
environnement : suppose you want to change ACL for a
particular server without changing its name ?
Intutively, I would rather opt for host group management
(posix or group of) within ldap ?
Still, issue of which container remains.
2012/10/29 Dan White <firstname.lastname@example.org>:
> On 10/29/12 09:38 -0500, Dan White wrote:
>> On 10/29/12 13:23 +0100, Simone Scremin wrote:
>>> Hi all,
>>> I'm in the process of learning the OpenLDAP authentication mechanics.
>>> I'd need to know what is the best way to configure an host based
>>> authentication system that allow to configure a per-user rule to include
>>> group of host to which the user is allowed to login.
>>> In example:
>>> user Bob needs to authenticate on systems:
>>> some configuration on the LDAP server enable this hostnames for Bob with
>>> regular expression like:
>>> Is it feasable?
>> Assuming that you will be using a PAM module on each host, the answer to
>> that question will depend on which PAM module you choose, and what
>> configuration it supports.
>> If that module supports placing a filter within the PAM configuration,
>> 'host=sys0*pr*' should work.
> Or, if you wish to literally store 'sys0*pr*' within your host entry in
> ldap, your filter could be:
> Dan White