
Re: Deny auth based on client



Shanker Balan wrote:
> > The standard behavior is to allow access to all hosts if the "host"
> > attributes are missing, and allow only to the specified hosts if one
> > or more host attributes exist.
> 
> Instead of hostnames, can I use domain names to restrict auth (or even
> wild cards)? The following don't work:
[snip]

Don't think so.  Code wouldn't appear to support it directly.
You might be able to simulate the behavior with the pam_filter ldap.conf
config directive...

pam_filter host=*.mydomain.com

Note that you might have to use an attribute other than "host", to avoid
conflicts with the built-in meaning to pamldap...

HTH.
-Alan

-- 
Alan Sparks, Sr. UNIX Administrator	asparks@quris.com
Quris, Inc.				(720) 836-2058
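
Added example, not part of the original message and not pam_ldap's own code: a small Python model of the two checks discussed above, showing why a wildcard filter on "host" collides with the built-in exact-match host check and how the filter treats entries that lack the attribute. The attribute name `loginDomain`, the hostnames and the user entries are constructed for illustration, and case-insensitive matching is an assumption.

```python
# Model of the behavior described in this thread (assumptions labelled inline).
import re

def substring_match(pattern, value):
    """LDAP-style substring match: '*' stands for any run of characters.
    Case-insensitive comparison is an assumption of this model."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def builtin_host_check(entry, client_host, attr="host"):
    """Standard behavior quoted above: no host values -> allow every host;
    one or more host values -> allow only an exact hostname match."""
    hosts = entry.get(attr, [])
    if not hosts:
        return True
    return any(h.lower() == client_host.lower() for h in hosts)

def filter_check(entry, attr, pattern):
    """pam_filter-style restriction: the entry must hold at least one value
    matching the pattern. An entry without the attribute never matches."""
    return any(substring_match(pattern, v) for v in entry.get(attr, []))

def may_login(entry, client_host, filter_attr, pattern):
    """Both checks must pass when the filter is layered on the host check."""
    return (filter_check(entry, filter_attr, pattern)
            and builtin_host_check(entry, client_host))

# Constructed sample entries (attribute -> list of values).
ALICE = {"host": ["web1.mydomain.com"]}           # wildcard filter on "host"
BOB = {}                                          # no restriction attributes
CAROL = {"loginDomain": ["corp.mydomain.com"]}    # hypothetical separate attribute

if __name__ == "__main__":
    pat = "*.mydomain.com"
    # Filter matches, but the exact host check rejects every other machine.
    print("alice on web2:", may_login(ALICE, "web2.mydomain.com", "host", pat))
    # A separate attribute leaves the built-in check untouched.
    print("carol on web2:", may_login(CAROL, "web2.mydomain.com", "loginDomain", pat))
    # Missing attribute: the built-in check allows, the filter denies.
    print("bob builtin:", builtin_host_check(BOB, "web2.mydomain.com"))
    print("bob filter :", filter_check(BOB, "host", pat))
```

The last two lines are the part to check before rollout: the built-in check allows users with no host values, while a filter excludes them.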