RE: minimum ACLs to login to Linux system
Wow that was probably the fastest response I've ever gotten on a public list. :-) That being said, I have a question about your answer. By saying
access to *
        by * read
you're granting read access to non-authenticated users to all areas of your LDAP tree that you haven't defined higher up in the config. What I would like to do is the exact opposite, i.e. restrict all access except to the items explicitly allowed. I want my last rule to be diametrically opposed to your last rule. Any idea on how that could be done?
Thanks,
Jason
P.S. Thanks for the whitepaper link. Definitely some useful info that I hadn't run across before.
-----Original Message-----
From: David Wright [mailto:ichbin@shadlen.org]
Sent: Wednesday, June 12, 2002 5:58 PM
To: Jason Corley
Cc: openldap-software@OpenLDAP.org
Subject: Re: minimum ACLs to login to Linux system
> I'd like to know what is the minimum access an anonymous user needs
> in order to log in to a Linux system.
access to attribute=userPassword
        by self write
        by anonymous auth
        by * none
access to attribute=loginShell,shadowLastChange
        by self write
        by * read
access to *
        by * read
For additional guidance, see my whitepaper (some parts still in progress)
at http://www.metaconsultancy.com/whitepapers.php
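The deny-by-default variant Jason asks about, as an added example that is not part of either message in the thread and not taken from the whitepaper. It assumes a tree with people under ou=People,dc=example,dc=com and POSIX groups under ou=Group,dc=example,dc=com (placeholder DNs), and an NSS/PAM client that binds anonymously; the attribute list in rules 2 and 3 is an assumption about what such a client reads and must be adjusted to what yours actually requests. slapd evaluates access directives in order: the first "access to" clause whose target matches the request is the only one consulted, and within it the first matching "by" clause decides, so the catch-all denial has to be the very last directive.

```conf
# Added example (not from the thread): deny-by-default ACL set for POSIX
# logins. Placeholder DNs: ou=People,dc=example,dc=com / ou=Group,dc=example,dc=com.

# 1. Passwords: the owner may change them, anonymous may only use them to
#    bind (auth), nobody may read them.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. Account attributes the login path needs (assumed set; adjust to your
#    client). The owner may update the shell and the shadow timestamp.
#    "entry" is the pseudo-attribute that grants access to the entry itself;
#    with a deny-all catch-all it must be listed explicitly.
access to dn.subtree="ou=People,dc=example,dc=com"
        attrs=loginShell,shadowLastChange
        by self write
        by * read

access to dn.subtree="ou=People,dc=example,dc=com"
        attrs=entry,objectClass,uid,cn,uidNumber,gidNumber,homeDirectory,gecos
        by * read

# 3. Group lookups so supplementary groups resolve.
access to dn.subtree="ou=Group,dc=example,dc=com"
        attrs=entry,objectClass,cn,gidNumber,memberUid
        by * read

# 4. Everything not granted above is denied: the opposite of
#    "access to * by * read". This must remain the last directive.
access to *
        by * none
```

Two things to keep in mind when applying this: the rootdn bypasses ACLs, so administrative access survives the catch-all, and "read" implies "search", so the attributes in rule 2 can still be used in search filters. On releases that ship slapacl(8), a check such as `slapacl -b "uid=jason,ou=People,dc=example,dc=com" userPassword/read` (anonymous identity) should report that read is denied while `userPassword/auth` is allowed.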