Filter to AND with uid=%s



Hello,

I thought I had limiting of machine access working, until I
started encrypting the passwords.  I am using the following
in my /etc/ldap.conf file on the client machine that I want
to limit access to:

# Filter to AND with uid=%s
pam_filter &(objectclass=account) (host=amitri.iw.mcld.net)

If the user's password is clear text, I see this test in the
/var/log/ldap.log as I'm trying to log in:

Oct  5 08:21:53 avalanche slapd[31216]: conn=809 op=1 SRCH
base="DC=MCLD,DC=NET" scope=2
filter="(&(&(objectclass=ACCOUNT)(host=AMITRI.IW.MCLD.NET))(uid=KELLI))"

If the password is encrypted, I never see this test in the
log file and the user can log into the box even though
they're not allowed.  It appears that if the password is
encrypted, the filter isn't used.  That strikes me as odd.

Any thoughts would be great!
Kelli
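
An added example, not part of the original post: a log check for the symptom described above, which confirms whether a user's lookup in the slapd log carried the pam_filter restriction. The combined filter shape is taken from the log line in the post; the function names and the conn=812 and conn=813 lines are constructed for illustration.

```python
import re

# Constructed sample in the slapd log format quoted in the post (line wrapping removed).
# conn=809 is the post's own entry; conn=812 and conn=813 are made up for this example.
SAMPLE_LOG = '''\
Oct  5 08:21:53 avalanche slapd[31216]: conn=809 op=1 SRCH base="DC=MCLD,DC=NET" scope=2 filter="(&(&(objectclass=ACCOUNT)(host=AMITRI.IW.MCLD.NET))(uid=KELLI))"
Oct  5 08:25:10 avalanche slapd[31216]: conn=812 op=1 SRCH base="DC=MCLD,DC=NET" scope=2 filter="(&(objectclass=POSIXACCOUNT)(uid=KELLI))"
Oct  5 08:26:02 avalanche slapd[31216]: conn=813 op=1 SRCH base="DC=MCLD,DC=NET" scope=2 filter="(&(&(objectclass=ACCOUNT)(host=AMITRI.IW.MCLD.NET))(uid=BOB))"
'''
PAM_FILTER = "&(objectclass=account) (host=amitri.iw.mcld.net)"  # value from the post

SRCH = re.compile(r'conn=(\d+) op=\d+ SRCH .*?filter="([^"]*)"')

def escape_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expected_filter(pam_filter, user, login_attr="uid"):
    """Combined filter in the shape the post's log shows: (&(<pam_filter>)(uid=<user>))."""
    inner = re.sub(r"\)\s+\(", ")(", pam_filter.strip())  # drop whitespace between clauses
    return "(&(%s)(%s=%s))" % (inner, login_attr, escape_value(user))

def searches_for(log, user, login_attr="uid"):
    """Return (conn, filter) for every SRCH entry whose filter names the user."""
    needle = ("(%s=%s)" % (login_attr, escape_value(user))).lower()
    return [(int(c), f) for c, f in SRCH.findall(log) if needle in f.lower()]

def filter_seen(log, pam_filter, user):
    """True if at least one search for the user carried the full restriction."""
    want = expected_filter(pam_filter, user).lower()
    return any(f.lower() == want for _, f in searches_for(log, user))

def unfiltered_conns(log, pam_filter, user):
    """Connections that looked the user up without the pam_filter restriction."""
    want = expected_filter(pam_filter, user).lower()
    return [c for c, f in searches_for(log, user) if f.lower() != want]

if __name__ == "__main__":
    for user in ("kelli", "bob"):
        print(user, "restricted search seen:", filter_seen(SAMPLE_LOG, PAM_FILTER, user),
              "| unrestricted lookups on conn:", unfiltered_conns(SAMPLE_LOG, PAM_FILTER, user))
```

A login that succeeds while filter_seen() is false for that user matches the behaviour reported in the post: the restricted search was never issued for that authentication.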