Re: Deny auth based on client
Shanker Balan wrote:
> > The standard behavior is to allow access to all hosts if the "host"
> > attributes are missing, and allow only to the specified hosts if one
> > or more host attributes exist.
>
> Instead of hostnames, can I use domain names to restrict auth (or even
> wild cards)? The following don't work:
[snip]
Don't think so. Code wouldn't appear to support it directly.
You might be able to simulate the behavior with the pam_filter ldap.conf
config directive...
    pam_filter host=*.mydomain.com
Note that you might have to use an attribute other than "host", to avoid
conflicts with the built-in meaning to pamldap...
HTH.
-Alan
--
Alan Sparks, Sr. UNIX Administrator asparks@quris.com
Quris, Inc. (720) 836-2058
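
Added example (not part of the original post, and not pam_ldap's own code): a small Python model contrasting the host-attribute check quoted above with the substring-filter workaround. The directory entries are constructed sample data, and the model assumes the pam_filter is ANDed into the user search.

```python
import re

# Constructed directory entries; the "host" values are sample data.
USERS = {
    "alice": {"host": ["web1.mydomain.com", "db1.mydomain.com"]},
    "bob":   {"host": ["build.otherdomain.org"]},
    "carol": {},  # no host attribute at all
}

def host_attr_allows(entry, client_host):
    """Behaviour quoted in the thread: no host values -> allowed everywhere,
    otherwise allowed only on an exactly listed host (case-insensitive)."""
    hosts = entry.get("host", [])
    if not hosts:
        return True
    return client_host.lower() in (h.lower() for h in hosts)

def substring_filter_matches(entry, attr, pattern):
    """Model of an LDAP substring assertion such as host=*.mydomain.com:
    true if ANY value of attr matches; an absent attribute never matches."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    values = entry.get(attr, [])
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in values)

def allowed_with_pam_filter(user, attr, pattern):
    """Assumption: the filter is ANDed into the user search, so a user whose
    entry does not match is simply not found and cannot authenticate."""
    return substring_filter_matches(USERS[user], attr, pattern)

if __name__ == "__main__":
    client = "web9.mydomain.com"  # constructed client hostname
    for user, entry in USERS.items():
        print(user,
              "host-attr check:", host_attr_allows(entry, client),
              "pam_filter:", allowed_with_pam_filter(user, "host", "*.mydomain.com"))
```

In this model the filter is evaluated against the user's entry rather than the machine being logged in to, so each client's ldap.conf has to carry the pattern for its own domain. A user with no value for the filtered attribute is rejected, the reverse of the allow-all default of the host-attribute check.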