pam_check_host_attr not work on centos7
[Date Prev][Date Next] [Thread Prev][Thread Next]pam_check_host_attr not work on centos7
- From: "????????" <19130258 [at] qq.com>
- To: "nss-pam-ldapd-users" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: pam_check_host_attr not work on centos7
- Date: Tue, 17 May 2016 18:23:52 +0800
Hi:
on centos6 I add "pam_check_host_attr yes" at /etc/pam_ldap.conf. It work well
but on centos7 it's not work well. I see the man nslcd.conf on centos7 get something about it
The pam_check_host_attr option can be emulated with:
(&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
(&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
but still not work for restrict some use to login
I used dynlist to the host attribute of a user like this:
$ ldapsearch -x -LLL uid=test5
dn: uid=test5,ou=People,dc=9icaishi,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: hostObject
objectClass: person
cn: Test5
sn: Test5
loginShell: /bin/bash
uidNumber: 10015
gidNumber: 10000
homeDirectory: /home/test5
labeledURI: ldap:///ou=backend,ou=servers,dc=9icaishi,dc=net?host
uid: test5
host: 10-1-1-142
host: 10-1-1-151
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: hostObject
objectClass: person
cn: Test5
sn: Test5
loginShell: /bin/bash
uidNumber: 10015
gidNumber: 10000
homeDirectory: /home/test5
labeledURI: ldap:///ou=backend,ou=servers,dc=9icaishi,dc=net?host
uid: test5
host: 10-1-1-142
host: 10-1-1-151
but when I seach add host filter
$ ldapsearch -x -LLL "(&(uid=test5)(host=10-1-1-142))"
there is nothing
how to use pam_authz_search to restrict user login some host not all ?
Thanks,
kaka.huang
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see http://lists.arthurdejong.org/nss-pam-ldapd-users/
- pam_check_host_attr not work on centos7, ????????
- Re: pam_check_host_attr not work on centos7,
Arthur de Jong
- Re: pam_check_host_attr not work on centos7, Jakub Hrozek
- Re: pam_check_host_attr not work on centos7, Jakub Jindra | Socialbakers a. s.
- Prev by Date: Re: SASL EXTERNAL Support
- Next by Date: pam_check_host_attr not work on centos7
- Previous by thread: Re: SASL EXTERNAL Support
- Next by thread: Re: pam_check_host_attr not work on centos7