
Re: Fw: Fw: host Attribute --- Low Sensitivity/Aerospace Internal Use Only



Hi French

No tcp_wrapper behaviour, just found that article and I'm trying to
make it work as well, maybe I misunderstood what the host attribute
really is for or the article is wrong or I'm doing something wrong, at
least in the logs I can see the pam_check_host is being evaluated.

slapd[20810]: conn=5374 op=4 MOD attr=host

Thanks for your time and support.
Regards

2013/12/23, Warron S French <Warron.S.French@aero.org>:
> Low Sensitivity/Aerospace Internal Use Only
>
> NetWarrior, are you attempting to apply a TCP_Wrappers like behavior but
> implement it through LDAP?
>
>
>
>
> Warron French, MBA, SCSA
>
>
> ----- Forwarded by Warron S French/Emp/Aerospace/US on 12/23/2013 07:42 AM
> -----
>
> From:   Net Warrior <netwarrior863@gmail.com>
> To:     openldap-technical <openldap-technical@openldap.org>,
> Date:   12/23/2013 07:36 AM
> Subject:        host Attribute
> Sent by:        openldap-technical-bounces@OpenLDAP.org
>
>
>
> Hi guys.
> I'm trying to restrict some user to login to some server, googling
> around I found that some things can be done with the host attribute,
> this is what I got.
>
> A user with host attribute and a FQDN server on it
> server.comap.com, the pam_check_host_attr set to yes in the client
> configuration (pam_ldap.conf / ldap.conf), if I understand well the
> user can now login to that server, in my tests I can confirm that,
> what I notice is that the user can log in to all the other servers in
> the farm whatever I set to the host attribute
>
> I read this article as a reference:
> thornelabs dot net
> /documentation/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html
>
> Please, can someone shed some light on this or clarify what I'm trying
> to do is correct or wrong?
>
> Thanks for your time and support
> Regards
>
>
>
> Low Sensitivity/Aerospace Internal Use Only