
RE: Restricting Logon permission based on 'host' attribute ?



Hi,

Someone mentioned that using "PAM-LDAP" and "NSS-LDAP", there would be a
'host' attribute in one of the schemas that can be used to define a list of
hostnames on which a user is allowed to login.

How does this map to the standard PAM modules shipped on a Solaris-9 server?
Is there a special entry that needs to be added/modified in its /etc/pam.conf
file?

Thanks,

Rob

> -----Original Message-----
> From: Daniel Davidson [mailto:danield@life.uiuc.edu]
> Sent: donderdag 6 maart 2003 19:45
> To: OpenLDAP-Software@OpenLDAP.org
> Subject: Re: Restricting Logon permission
> 
> 
> Never mind, I was looking at the wrong file.
> 
> Dan
> 
> 
> On Thursday 06 March 2003 10:58 am, Daniel Davidson wrote:
> > Thanks for the help, although I still have a few questions.
> >
> > I found the host attribute in cosine.schema, however to get this to start
> > working, don't I have to change something in nsswitch.conf?  If so, can you
> > tell me what the line is supposed to be.
> >
> > thanks again,
> >
> > Dan
> >
> > On Wednesday 05 March 2003 03:59 pm, tsg wrote:
> > > On Wednesday 05 March 2003 22:26, Wade Winright wrote:
> > > > Can you utilize pam? If you are using Linux or Solaris, I believe this
> > > > would be the best way to implement this...
> > > >
> > > >
> > > > -----Original Message-----
> > > > From:	Daniel Davidson [mailto:danield@life.uiuc.edu]
> > > > Sent:	Wed 3/5/2003 1:04 PM
> > > > To:	OpenLDAP-Software@OpenLDAP.org
> > > > Cc:
> > > > Subject:	Restricting Logon permission
> > > > We are working on trying to unify our password database via openldap,
> > > > and I am looking for a way to restrict logon rights, so only certain
> > > > people can log onto some servers.  For example I do not want everyone
> > > > to be able to log onto a machine we use for testing applications before
> > > > we make them public, but it would be nice if we could use ldap for
> > > > authentication.
> > > >
> > > > thanks for any help,
> > > >
> > > > Dan
> > >
> > > If You use PAM-LDAP & NSS-LDAP there is an attribute "host" in the pam-ldap
> > > schema, where You can list all hosts the User can log in.
> > > Sergios
> 
>