Fw: Fw: host Attribute --- Low Sensitivity/Aerospace Internal Use Only

[Warron S French <Warron.S.French@aero.org>]

Low Sensitivity/Aerospace Internal Use
Only

NetWarrior, are you attempting to apply a TCP_Wrappers like behavior but
implement it through LDAP?




Warron French, MBA,
SCSA


----- Forwarded by Warron
S French/Emp/Aerospace/US on 12/23/2013 07:42 AM -----

From:      
 Net Warrior <netwarrior863@gmail.com>
To:      
 openldap-technical
<openldap-technical@openldap.org>, 
Date:      
 12/23/2013 07:36 AM
Subject:    
   host Attribute
Sent by:    
   openldap-technical-bounces@OpenLDAP.org

---

Hi guys.
I'm trying to restric some user to login to some server, googling
around I found that some things can be donde with the host attribute,
this is what I got.

A user with host attribute and and a FQDN server on it
server.comap.com , the pam_check_host_attr set to yes in the client
configuration ( pam_ldap.conf / ldap.conf ), If I understand well the
user can now login to that server, in my tests I can confirm that,
what I notice is that the user can loging to all the other servers in
the farm whaterver I set to  the host attribute

I read this article as a reference:
thornelabs dot net
/documentation/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html

Please, can someone shed some light on this or clarify what I'm trying
to to is correct or wrong?

Thanks for your time and support
Regards



Low Sensitivity/Aerospace Internal Use Only