lists.arthurdejong.org

pam_authz_search, match multiple criteria, is it possible?

I'm hoping to restrict login access to a machine based on a number of
groups. I don't want to filter all these users out as they can still
have accounts on the machine, they just can't log in via pam.

Essentially the criteria for logging into the machine is that they are
in group shell, as well as one of admin or committee.

My working pam_authz_search for logging in based on either admin or committee is:
pam_authz_search (&(objectClass=posixGroup)(member=$dn)(|(cn=admin)(cn=committee)))

Is it possible to somehow modify it so it requires the shell group as
well as either of admin and committee? My attempt is below and didn't
work.
pam_authz_search (&(&(objectClass=posixGroup)(member=$dn)(|(cn=admin)(cn=committee)))(&(cn=shell)(member=$dn)))

My guess is that because it's a normal ldap search, that it's not
possible and that I'm probably going about it the wrong way. Should I
be restricting this somewhere else in pam?

Thanks guys. Sorry if this is obvious how to do this, it's late at
night and I'm probably not thinking straight.

Tim

-- 
Timothy White - Somewhere in Australia
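
Added example (not part of the original post and not nss-pam-ldapd code): an LDAP filter is tested against one entry at a time, and pam_authz_search grants access when at least one entry matches, so the second filter in the post asks for a single group entry whose cn is shell and also admin or committee. The minimal evaluator below runs both filters from the post over group entries; the DNs and memberships are constructed for illustration.

```python
# Minimal evaluator for the filter subset used in the post: &, | and attr=value.
# Illustration only; real servers implement full RFC 4515 filters.

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next_index)."""
    assert f[i] == "("
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        assert f[i] == ")"
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against ONE entry, as a directory server does."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    return value in (v.lower() for v in entry.get(attr, []))

def search(filter_template, user_dn, entries):
    """Substitute $dn, then return the cn of every entry the filter matches."""
    tree, _ = parse(filter_template.replace("$dn", user_dn))
    return [e["cn"][0] for e in entries if matches(tree, e)]

# Constructed sample data: tim is in shell and admin, bob is only in admin.
TIM = "uid=tim,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
GROUPS = [
    {"objectclass": ["posixGroup"], "cn": ["shell"], "member": [TIM]},
    {"objectclass": ["posixGroup"], "cn": ["admin"], "member": [TIM, BOB]},
    {"objectclass": ["posixGroup"], "cn": ["committee"], "member": []},
]
EITHER = "(&(objectClass=posixGroup)(member=$dn)(|(cn=admin)(cn=committee)))"
BOTH = ("(&(&(objectClass=posixGroup)(member=$dn)(|(cn=admin)(cn=committee)))"
        "(&(cn=shell)(member=$dn)))")

if __name__ == "__main__":
    print("either, tim:", search(EITHER, TIM, GROUPS))  # one match: access granted
    print("either, bob:", search(EITHER, BOB, GROUPS))  # also granted, shell ignored
    print("both,   tim:", search(BOTH, TIM, GROUPS))    # no entry can match
```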