Re: Using filter passwd
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Using filter passwd
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Using filter passwd
- Date: Fri, 27 May 2011 13:17:27 +0200
On Fri, 2011-05-27 at 12:28 +0200, Hugo Deprez wrote:
> It seems that if the filter return "no match found" loggin is accepted
This should not happen. If you provide a pam_authz_search option the
search should always be performed and access should be denied if no
match is found.
> If I give an attribute host=none to all the users without host
> atrribute, it match and access is denied.
>
> Is there a way to change this default behaviour ? I would like to
> avoid providing this attribute to all the users.
If you only want to grant access to your system to users that have the
host attribute set to the current hostname or "all" you could simply do:
pam_authz_search (&(objectClass=IT)(uid=$username)(|(host=$hostname)(host=all)))
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
- Re: Using filter passwd, (continued)