
Re: Fw: Fw: host Attribute --- Low Sensitivity/Aerospace Internal Use Only



Hi Howard.

Thanks for the advice. I noticed that it works on some systems; I have
some old RHEL 4.8 (lots of them) where it is not working, but with new
CentOS 6.x it works fine even though I specify its IP only and
not the FQDN. On the other hand, I did not know about the nssov overlay;
I'll take a look, and I'll keep researching the issue on the old
systems with openldap-2.2.13-7.4E, openldap-clients-2.2.13-7.4E and
nss_ldap-226-18.


Thank you very much for your time and support
Regards.

2013/12/23, Howard Chu <hyc@symas.com>:
> Net Warrior wrote:
>> Hi French
>>
>> No tcp_wrapper behaviour, just found that article and I'm trying to
>> make it work as well, maybe I misunderstood what the host attribute
>> really is for or the article is wrong or I'm doing something wrong, at
>> least in the logs I can see the pam_check_host is being evaluated.
>
> all of this pam_ldap stuff is obsolete. nssov implements much finer grained
> authorization.
>>
>> slapd[20810]: conn=5374 op=4 MOD attr=host
>>
>> Thanks for your time and support.
>> Regard
>>
>> 2013/12/23, Warron S French <Warron.S.French@aero.org>:
>>> Low Sensitivity/Aerospace Internal Use Only
>>>
>>> NetWarrior, are you attempting to apply a TCP_Wrappers like behavior but
>>> implement it through LDAP?
>>>
>>>
>>>
>>>
>>> Warron French, MBA, SCSA
>>>
>>>
>>> ----- Forwarded by Warron S French/Emp/Aerospace/US on 12/23/2013 07:42
>>> AM
>>> -----
>>>
>>> From:   Net Warrior <netwarrior863@gmail.com>
>>> To:     openldap-technical <openldap-technical@openldap.org>,
>>> Date:   12/23/2013 07:36 AM
>>> Subject:        host Attribute
>>> Sent by:        openldap-technical-bounces@OpenLDAP.org
>>>
>>>
>>>
>>> Hi guys.
>>> I'm trying to restrict some users to logging in to some servers. Googling
>>> around I found that some things can be done with the host attribute;
>>> this is what I got.
>>>
>>> A user with the host attribute and a FQDN server on it
>>> (server.comap.com), and pam_check_host_attr set to yes in the client
>>> configuration (pam_ldap.conf / ldap.conf). If I understand well, the
>>> user can now log in to that server; in my tests I can confirm that.
>>> What I notice is that the user can log in to all the other servers in
>>> the farm whatever I set in the host attribute.
>>>
>>> I read this article as a reference:
>>> thornelabs dot net
>>> /documentation/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html
>>>
>>> Please, can someone shed some light on this or clarify whether what I'm
>>> trying to do is correct or wrong?
>>>
>>> Thanks for your time and support
>>> Regards
>>>
>>>
>>>
>>> Low Sensitivity/Aerospace Internal Use Only
>>
>>
>
>
> --
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/
>