
Reply: Re: sufficient account management checking for locally defined users



Hello,

I followed your discussion with interest but I have a very practical problem.
Is there any configuration of pam (sshd) which allows me to have mixed
local/ldap users _with_ ldap users restricted to certain hosts using the host
attribute in ldap? I am also using nss_ldap.

With best regards
Thomas Emde
________________________
ScaleOn GmbH & Co. KG
Systems Engineering 1
Geb. B151, Raum 117
D-51368 Leverkusen
Phone       +49 214/30-67603
Fax         +49 214/30-24887
E-Mail      thomas.emde@scaleon.de
Internet    http://www.scaleon.de

From:            Luke Howard <lukeh@PADL.COM>
Sent by:         pam-list-admin@redhat.com
Received:        2002-05-10 12:19
Please reply to: pam-list
To:              pam-list@redhat.com
Cc:
Subject:         Re: sufficient account management checking for locally defined users

>  account    required     pam_unix.so
>  account    [default=die success=ok authinfo_unavail=ignore user_unknown=ignore] pam_ldap.so
>
>This means that pam_ldap can happily return PAM_USER_UNKNOWN, and PAM
>can then ignore this return value.  This works, but doesn't satisfy
>the policy I've outlined above.

You can also use the ignore_unknown_user option to pam_ldap, for
versions of PAM that do not support this extended configuration
syntax.

-- luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com



_______________________________________________
Pam-list mailing list
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
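
The account stack quoted in the message above can be traced with a small model of how the control field maps each module's return code to an action. This is an added example, not code from the thread or from Linux-PAM: it models only the `ok`, `bad`, `die` and `ignore` actions, and the return codes fed to each module are constructed, including the assumption that pam_ldap reports a host refusal as `perm_denied`.

```python
# Simplified model of how libpam walks an "account" stack (added example).
REQUIRED = "[success=ok new_authtok_reqd=ok ignore=ignore default=bad]"

def parse_control(text):
    """Map 'required' or '[code=action ...]' to a {return_code: action} dict."""
    if text == "required":
        text = REQUIRED
    if not (text.startswith("[") and text.endswith("]")):
        raise ValueError("unsupported control field: " + text)
    return dict(pair.split("=", 1) for pair in text[1:-1].split())

def run_stack(stack, returns):
    """stack: list of (control, module); returns: {module: return code name}.
    Gives the stack's final result as a lower-case PAM return code name."""
    verdict, failed = None, False
    for control, module in stack:
        code = returns[module]
        actions = parse_control(control)
        action = actions.get(code, actions["default"])
        if action == "ignore":
            continue                      # module does not influence the result
        if action == "ok":
            if not failed and verdict in (None, "success"):
                verdict = code
        elif action in ("bad", "die"):
            if not failed:
                verdict, failed = code, True   # first failure wins
            if action == "die":
                break                     # stop at once, skip later modules
        else:
            raise ValueError("action not modelled: " + action)
    # libpam denies access when no module contributed a result
    return verdict if verdict is not None else "perm_denied"

# The stack quoted in the mail, and a plain "required" variant for contrast.
MAIL_STACK = [
    ("required", "pam_unix.so"),
    ("[default=die success=ok authinfo_unavail=ignore user_unknown=ignore]",
     "pam_ldap.so"),
]
PLAIN_STACK = [("required", "pam_unix.so"), ("required", "pam_ldap.so")]

# Constructed return codes for four situations (not captured from a real host).
LOCAL_ONLY  = {"pam_unix.so": "success", "pam_ldap.so": "user_unknown"}
LDAP_OK     = {"pam_unix.so": "success", "pam_ldap.so": "success"}
LDAP_DENIED = {"pam_unix.so": "success", "pam_ldap.so": "perm_denied"}
LDAP_DOWN   = {"pam_unix.so": "success", "pam_ldap.so": "authinfo_unavail"}
```

With `authinfo_unavail=ignore`, the `LDAP_DOWN` case ends in `success` whenever pam_unix.so still succeeds, so under this control field the pam_ldap check is skipped while the directory is unreachable.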








