pam_unix2 ldap limiting host access
How can one go about limiting access to hosts by LDAP users with SUSE pam_ldap and nss_ldap? It appears as though pam_unix2 actually uses nss_ldap and thus ignores the traditional pam_check_host_attr for pam_ldap in ldap.conf.

In my network, we have multiple SUSE workstations and servers who authenticate to an LDAP server and mount a remote home dir. I would like to limit access of users to certain and specific hosts by using the host DN in my LDAP DB.

Thanks,
Rian

--
Rian Bogle
Computer Programmer / IT Specialist
Flagstaff Field Center
US Geological Survey
(928) 556 7212

"Unix is user friendly, it's just particular about who its friends are...."

On Thu, Aug 05, rian bogle wrote:

> How can one go about limiting access to hosts by ldap users with suse pam_ldap and nss_ldap.
> It appears as though pam_unix2 actually uses nss_ldap and thus ignores the traditional pam_check_host_attr for pam_ldap in ldap.conf.

This is impossible. nss_ldap is for the glibc NSS switch and does not provide passwords. So it cannot be used by a PAM module for authentication. pam_unix2 does of course dlopen() pam_ldap.

Thorsten

--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de
SuSE Linux AG, Maxfeldstr. 5, D-90409 Nuernberg
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B