>Mon, Nov 21, 2011 at 1:34 PM Buchan Milne <[email protected]> wrote:
>
> >One method would be to add the hostObject objectclass, from ldapns.schema
> >(shipped with pam_ldap source), and add a host attribute with the 'hostname'
> >of the host for each host the user should be allowed to log in to, and set
> >'pam_check_host_attr yes' in /etc/ldap.conf (see 'man pam_ldap').
>
> >Of course, this depends on which pam module you are using, and there are
> >other options.
>
I tried installing the pam_ldap module and configuring the ldap.conf file,
but access is still allowed to hosts not mentioned in the host attribute. All
the user information is available on a client node not specified in the
host attribute of that user (checked by running $ getent passwd).
What is desired is that on such client nodes (not specified in the host
attribute of <user-name>), $ su <user-name> should show *su: <user-name> does
not exist*.
Which of the services in /etc/pam.d need to be modified for proper user
authorization?
>
> Regards,
> Buchan
>
--
Thanks & Regards,
Jayavant Ningoji Patil
Engineer: System Software
Computational Research Laboratories Ltd.
Pune-411 004.
Maharashtra, India.
+91 9923536030.
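
Added example, not part of the original thread: pam_ldap applies `pam_check_host_attr` in the PAM `account` step, so it only takes effect for services whose `account` stack reaches `pam_ldap.so`, while `getent passwd` goes through NSS and is not filtered by it. The script below audits both conditions; the function names, the same-directory include handling and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): check that pam_ldap's host-attribute
# test can actually run for a given PAM service such as su.
# Assumption: included PAM files live in the same directory as the service file.

# Succeeds if file $1 has an uncommented 'pam_check_host_attr yes'.
host_check_enabled() {
    awk 'BEGIN { rc = 1 } /^[ \t]*#/ { next }
         tolower($1) == "pam_check_host_attr" && tolower($2) == "yes" { rc = 0 }
         END { exit rc }' "$1" 2>/dev/null
}

# Succeeds if the account stack of service file $1 reaches pam_ldap.so,
# following '@include X' and 'account include|substack X' up to 8 levels.
account_uses_pam_ldap() {
    f=$1; depth=${2:-0}; d=$(dirname "$f")
    [ -r "$f" ] && [ "$depth" -lt 8 ] || return 1
    awk 'BEGIN { rc = 1 } /^[ \t]*#/ { next }
         $1 ~ /^-?account$/ && /pam_ldap\.so/ { rc = 0 }
         END { exit rc }' "$f" && return 0
    for inc in $(awk '/^[ \t]*#/ { next }
                      $1 == "@include" { print $2 }
                      $1 ~ /^-?account$/ && $2 ~ /^(include|substack)$/ { print $3 }' "$f")
    do
        ( account_uses_pam_ldap "$d/$inc" $((depth + 1)) ) && return 0
    done
    return 1
}

# audit LDAP_CONF PAM_SERVICE_FILE: prints findings, returns 0 only if both hold.
audit() {
    rc=0
    host_check_enabled "$1" || { echo "FAIL: $1 lacks 'pam_check_host_attr yes'"; rc=1; }
    account_uses_pam_ldap "$2" || { echo "FAIL: account stack of $2 never calls pam_ldap.so"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: host attribute check is reachable via $2"
    return "$rc"
}

# Demo on constructed files (nothing under /etc is read or changed).
demo=$(mktemp -d)
printf 'pam_check_host_attr yes\n' > "$demo/ldap.conf"
printf 'auth sufficient pam_rootok.so\n@include common-account\n' > "$demo/su"
printf 'account required pam_unix.so\n' > "$demo/common-account"
audit "$demo/ldap.conf" "$demo/su" || true   # constructed: account stack has only pam_unix.so
printf 'account required pam_ldap.so\n' >> "$demo/common-account"
audit "$demo/ldap.conf" "$demo/su" || true   # constructed: pam_ldap.so now in the account stack
rm -rf "$demo"
```

On a real client it would be run as `audit /etc/ldap.conf /etc/pam.d/su`, and again for each service (sshd, login, ...) that should honour the host attribute.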