pam_authz_search, match multiple criteria, is it possible?
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
pam_authz_search, match multiple criteria, is it possible?
- From: Tim <weirdit [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: pam_authz_search, match multiple criteria, is it possible?
- Date: Tue, 28 Jun 2011 23:26:50 +1000
I hoping to restrict login access to a machine based on a number of
groups. I don't want to filter all these users out as they can still
have accounts on the machine, they just can't login via pam.
Essentially the criteria for logging into the machine is that they are
in group shell, as well as one of admin or committee.
My working pam_authz_search for logging in based on ether admin or committee is:
pam_authz_search
(&(objectClass=posixGroup)(member=$dn)(|(cn=admin)(cn=committee)))
Is it possible to somehow modify it so it requires the shell group as
well ether of admin and committee? My attempt is below and didn't
work.
pam_authz_search
(&(&(objectClass=posixGroup)(member=$dn)(|(cn=admin)(cn=committee)))(&(cn=shell)(member=$dn)))
My guess is that because it's a normal ldap search, that it's not
possible and that I'm probably going about it the wrong way. Should I
be restricting this somewhere else in pam?
Thanks guys. Sorry if this is obvious how to do this, its late at
night and I'm probably not thinking straight.
Tim
--
Timothy White - Somewhere in Australia
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
- pam_authz_search, match multiple criteria, is it possible?,
Tim