Hi all
I use the primitive pam_check_host_attr in pam_ldap to filter my users. In OpenLDAP I add the attribute host for each users. I can write « host = hostlab.netplus.fr (fqdn) » to allow just one host for my user, or « host = * » to allow all hosts. But if I write host = 192.168.57.48 (the IP of hostlab.netplus.fr), my user is not able to authenticate on the host, Why I have to write the FQDN and not the IP address. Isn't possible ? And Is it possible to use regexp with the host attribute? Like host = 192.168.45.* ?
Regards,
François
François Mehault wrote:
Hi all
I use the primitive pam_check_host_attr in pam_ldap to filter my users. In OpenLDAP I add the attribute host for each users. I can write « host = hostlab.netplus.fr (fqdn) » to allow just one host for my user, or « host = * » to allow all hosts. But if I write host = 192.168.57.48 (the IP of hostlab.netplus.fr), my user is not able to authenticate on the host, Why I have to write the FQDN and not the IP address. Isn’t possible ? And Is it possible to use regexp with the host attribute? Like host = 192.168.45.* ?
Regards,
François
All of this behavior depends on the pam_ldap module; your question belongs on the pam_ldap mailing list.
openldap-technical@openldap.org
-
François Mehault -
Howard Chu