Ineffective pam_authz_search

I am using sys-auth/nss-pam-ldapd-0.8.13 on Gentoo.
I try to emulate the pam_check_host_attr option with:
But still, the user is able to log in even if the specific $hostname or $fqdn is not specified in his LDAP account, so it becomes a security issue.

nslcd -d outputs:
nslcd: <passwd="mylogin"> DEBUG: myldap_search(base="dc=mydc,dc=mydc", filter="(&(objectClass=posixAccount)(uid=mylogin))")

I don't see that myldap_search includes the 'host' parameter.
What am I doing wrong?
Any help will be appreciated.