
Re: Newbie question about host base authentication



Dan White wrote:
> On 10/29/12 13:23 +0100, Simone Scremin wrote:
>> Hi all,
>>
>> I'm in the process of learning the OpenLDAP authentication mechanics.
>>
>> I'd need to know what is the best way to configure a host-based
>> authentication system that allows configuring a per-user rule to include a
>> group of hosts to which the user is allowed to log in.
>>
>> For example:
>>
>> user Bob needs to authenticate on systems:
>>
>> sys01pra
>> sys02pre
>> sys03pra
>> sys03pre
>>
>> some configuration on the LDAP server enables these hostnames for Bob with a
>> regular expression like:
>>
>> sys0*pr*
>>
>> Is it feasible?
>
> Assuming that you will be using a PAM module on each host, the answer to
> that question will depend on which PAM module you choose, and what
> configuration it supports.
>
> If that module supports placing a filter within the PAM configuration, then
> 'host=sys0*pr*' should work.

The PADL pam_ldap module has no such feature. The OpenLDAP nssov overlay does.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/