[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Fw: Fw: host Attribute --- Low Sensitivity/Aerospace Internal Use Only
Hi French
No tcp_wrapper behaviour, just found that article and I'm trying to
make it work as well, maybe I missundertood what the host attribute
really is for or the article is wrong or I'm doing something wrong, at
least in the logs I can see the pam_check_host is being evaluated.
slapd[20810]: conn=5374 op=4 MOD attr=host
Thanks for your time and support.
Regard
2013/12/23, Warron S French <Warron.S.French@aero.org>:
> Low Sensitivity/Aerospace Internal Use Only
>
> NetWarrior, are you attempting to apply a TCP_Wrappers like behavior but
> implement it through LDAP?
>
>
>
>
> Warron French, MBA, SCSA
>
>
> ----- Forwarded by Warron S French/Emp/Aerospace/US on 12/23/2013 07:42 AM
> -----
>
> From: Net Warrior <netwarrior863@gmail.com>
> To: openldap-technical <openldap-technical@openldap.org>,
> Date: 12/23/2013 07:36 AM
> Subject: host Attribute
> Sent by: openldap-technical-bounces@OpenLDAP.org
>
>
>
> Hi guys.
> I'm trying to restric some user to login to some server, googling
> around I found that some things can be donde with the host attribute,
> this is what I got.
>
> A user with host attribute and and a FQDN server on it
> server.comap.com , the pam_check_host_attr set to yes in the client
> configuration ( pam_ldap.conf / ldap.conf ), If I understand well the
> user can now login to that server, in my tests I can confirm that,
> what I notice is that the user can loging to all the other servers in
> the farm whaterver I set to the host attribute
>
> I read this article as a reference:
> thornelabs dot net
> /documentation/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html
>
> Please, can someone shed some light on this or clarify what I'm trying
> to to is correct or wrong?
>
> Thanks for your time and support
> Regards
>
>
>
> Low Sensitivity/Aerospace Internal Use Only