host Attribute
- To: openldap-technical <openldap-technical@openldap.org>
- Subject: host Attribute
- From: Net Warrior <netwarrior863@gmail.com>
- Date: Mon, 23 Dec 2013 10:14:55 -0200
Hi guys.
I'm trying to restrict some user to log in to some server. Googling
around, I found that some things can be done with the host attribute;
this is what I got.
A user with the host attribute and an FQDN server on it,
server.comap.com, and pam_check_host_attr set to yes in the client
configuration (pam_ldap.conf / ldap.conf). If I understand well, the
user can now log in to that server; in my tests I can confirm that.
What I notice is that the user can log in to all the other servers in
the farm, whatever I set the host attribute to.
I read this article as a reference:
thornelabs dot net
/documentation/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html
Please, can someone shed some light on this or clarify whether what I'm
trying to do is correct or wrong?
Thanks for your time and support
Regards