Hi all,
I'm in the process of learning the OpenLDAP authentication mechanics.
I'd need to know what is the best way to configure a host-based authentication
system that allows configuring a per-user rule to include a group of hosts to
which the user is allowed to log in.
For example:
user Bob
Hi Olivier,
thanks for the fast answer.
I'm looking at the pam_ldap component and I already saw the host-based
authentication that enables listing hostnames on the server per user.
Your idea, if I'm not mistaken, would be to specify this host parameter as some
kind of LDAP data structure (i.e.:
On 10/29/12 13:23 +0100, Simone Scremin wrote:
Hi all,
I'm in the process of learning the OpenLDAP authentication mechanics.
I'd need to know what is the best way to configure a host-based
authentication system that allows configuring a per-user rule to include a
group of hosts to which the
On 10/29/12 09:38 -0500, Dan White wrote:
On 10/29/12 13:23 +0100, Simone Scremin wrote:
Hi all,
I'm in the process of learning the OpenLDAP authentication mechanics.
I'd need to know what is the best way to configure a host-based
authentication system that allows configuring a per-user rule
Dan White wrote:
On 10/29/12 13:23 +0100, Simone Scremin wrote:
Hi all,
I'm in the process of learning the OpenLDAP authentication mechanics.
I'd need to know what is the best way to configure a host-based
authentication system that allows configuring a per-user rule to include a
group of
Hi Dan,
that trick would work in particular cases, but I'm not sure
that it would scale in an environment with a large number of
lively machines: suppose you want to change the ACL for a
particular server without changing its name?
Intuitively, I would rather opt for host group management
(posix or group of)
If you are using pam-ldap, then it's even easier than you think, i.e. it's
included in pam-ldap:
in the LDAP directory, create entries like this or similar:
uid=ldap-host,ou=People,ou=pam-ldap,dc=mydomain,dc=com
cn: ldap-host
gidNumber: 102
homeDirectory: /home/ldap-host
host: vidigal.mydomain.com
On Oct 29, 2012, at 5:12 PM, Howard Chu h...@symas.com wrote:
Dan White wrote:
...
Assuming that you will be using a PAM module on each host, the answer to
that question will depend on which PAM module you choose, and what
configuration it supports.
If that module supports placing a
And this is clear.
This is the basic host-based authentication using pam-ldap.
From what I know, however, it's not possible to set a regex as the value of the
host attribute, which is my requirement.
See the previous mail with the relevant example about the regex for the
hostnames.
Am I wrong?