Ineffective pam_authz_search
[Date Prev][Date Next] [Thread Prev][Thread Next]Ineffective pam_authz_search
- From: Ксения Юрьевна Блащук <ksyblast [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Ineffective pam_authz_search
- Date: Thu, 6 Feb 2014 13:44:41 +0300
I am using sys-auth/nss-pam-ldapd-0.8.13 on gentoo.
I try to emulate the pam_check_host_attr option with:
(&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
But still, user is available to login even if specific $hostname or $fqdn is not specified in his LDAP account, so it becomes a security issue.I try to emulate the pam_check_host_attr option with:
(&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
nslcd: <passwd="mylogin"> DEBUG: myldap_search(base="dc=mydc,dc=mydc", filter="(&(objectClass=posixAccount)(uid=mylogin))")
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see http://lists.arthurdejong.org/nss-pam-ldapd-users/
- Ineffective pam_authz_search, Ксения Юрьевна Блащук
- Re: Ineffective pam_authz_search, Arthur de Jong
- Prev by Date: Re: [Patch] Add support for Windows BUILTIN groups
- Next by Date: Re: Ineffective pam_authz_search
- Previous by thread: Re: [Patch] Add support for Windows BUILTIN groups
- Next by thread: Re: Ineffective pam_authz_search