RE: pam_authz_search not considered
- From: "Lakshmi Narasimhan, Premkumar (RIS-ORL)" <Premkumar.Narasimhan [at] lexisnexis.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>, "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: RE: pam_authz_search not considered
- Date: Thu, 29 Oct 2015 14:43:48 +0000
Hi Arthur,
Thanks for your inputs. The PAM vsftpd configuration didn't have pam_ldap.so
for account. Once I added an entry for account required pam_ldap.so,
pam_authz_search was sent as a filter.
Is there a way I could send $rhost during authentication as a filter? Since
currently we authenticate based on user/password and IP.
Thanks,
Prem
-----Original Message-----
From: Arthur de Jong [arthur [at] arthurdejong.org]
Sent: Wednesday, October 28, 2015 5:51 PM
To: Lakshmi Narasimhan, Premkumar (RIS-ORL);
nss-pam-ldapd-users@lists.arthurdejong.org
Subject: Re: pam_authz_search not considered
On Wed, 2015-10-28 at 13:27 +0000, Lakshmi Narasimhan, Premkumar (RIS-
ORL) wrote:
> I am trying to set up LDAP authentication for VSFTPD. Also I need to do IP
> validation so I am trying to use pam_authz_search (&(id=$rhost)), but
> I don’t see this applied as a filter in LDAP request. Please provide
> your valuable inputs.
The pam_authz_search option is only used in the authorisation (account) phase
of the PAM stack. Your debug log only contains information from the
authentication (auth) phase.
Your PAM configuration probably does not call pam_ldap.so for authorisation or
it for some reason skips it when another module already returns success.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
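
The two failure modes described in this thread (no pam_ldap.so line in the account phase, or an earlier account module that returns success first) can be checked mechanically. The following is an added example, not code from this thread or from the nss-pam-ldapd project; the function name and the status words it prints are hypothetical, and it inspects a single PAM service file without following include or substack lines.

```shell
#!/bin/sh
# Added example: classify the account phase of one PAM service file.
# Prints one of:
#   ok         - pam_ldap.so is in the account phase and nothing before it can skip it
#   may-skip   - an earlier account module can end or jump the stack on success
#   missing    - no account line calls pam_ldap.so (pam_authz_search is never evaluated)
#   unresolved - the account phase is delegated via include/substack (not followed here)
check_account_phase() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            type = $1; sub(/^-/, "", type)     # a leading "-" only silences missing modules
            if (type != "account") next
            # The control field is one word or a bracketed [value=action ...] list.
            control = $2; i = 3
            if (control ~ /^\[/) {
                while (control !~ /\]$/ && i <= NF) { control = control " " $i; i++ }
            }
            module = $i
            if (control == "include" || control == "substack") { included = 1; next }
            if (module ~ /(^|\/)pam_ldap\.so$/) { found = 1; exit }
            # Conservative: any success=done or success=N jump is treated as able
            # to bypass pam_ldap.so, as is the "sufficient" keyword.
            if (control == "sufficient" || control ~ /success=(done|[0-9]+)/) early = 1
        }
        END {
            if (found && early) print "may-skip"
            else if (found)     print "ok"
            else if (included)  print "unresolved"
            else                print "missing"
        }
    ' "$1"
}
```

Run it against the service file in question, for example `check_account_phase /etc/pam.d/vsftpd` (path assumed; the thread does not give one).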