
List:       pamldap
Subject:    [pamldap] pam_ldap-163
From:       Luke Howard <lukeh () PADL ! COM>
Date:       2003-05-29 12:57:05


163     Luke Howard <lukeh@padl.com>

        * fix typo in authorizedService patch
        * add ldapns.schema for authorizedServiceObject and
          hostObject

162     Luke Howard <lukeh@padl.com>

        * support for service-based authorization
          (based on patch from Manon Goo)
        * add ignore_authinfo_unavail flag
        * pam_filter works again

Of note in pam_ldap-162: you can now use the authorizedService 
attribute to control access on a PAM service-specific basis. 
(NB: I haven't tested this myself yet :-))

You should be able to do something like:

dn: uid=lukeh,dc=padl,dc=com
uid: lukeh
objectClass: posixAccount
objectClass: authorizedServiceObject
authorizedService: ftp
authorizedService: telnet
...

Thanks to Manon Goo for the original patch behind this feature.

Finally, the ignore_authinfo_unavail pam.conf flag adds support
for ignoring pam_ldap if the LDAP server is down; the same effect
could be achieved through some tricky Linux-PAM configuration, 
but Solaris/HP-UX users were left out in the cold.

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com
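
Added example, not part of the original message and not pam_ldap code: a Python script that audits an LDIF export to show which entries carry the authorizedService attribute described above, grouped by PAM service, so grants such as telnet or ftp can be reviewed. The names parse_ldif and audit and the alice/bob entries are constructed for illustration; entries that have the object class but no authorizedService values are only listed for manual review, since the message does not say how pam_ldap treats them.

```python
"""Audit authorizedService grants in an LDIF export (added example)."""
from collections import defaultdict

# Constructed sample export; the first entry mirrors the one in the message.
SAMPLE_LDIF = """\
dn: uid=lukeh,dc=padl,dc=com
uid: lukeh
objectClass: posixAccount
objectClass: authorizedServiceObject
authorizedService: ftp
authorizedService: telnet

dn: uid=alice,dc=example,dc=com
objectClass: posixAccount
objectClass: authorizedServiceObject
authorizedService: sshd

dn: uid=bob,ou=People,
 dc=example,dc=com
objectClass: posixAccount
objectClass: authorizedServiceObject
"""

def parse_ldif(text):
    """Yield one {attr_lower: [values]} dict per entry, unfolding continuation lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            # Skip comments and base64 ("attr:: ...") values, which are not decoded here.
            if sep and not attr.startswith("#") and not attr.endswith(":"):
                entry[attr.lower()].append(value.strip())
        if "dn" in entry:
            yield entry

def audit(text):
    """Return (service -> sorted DNs, DNs with the object class but no grants)."""
    by_service, unused = defaultdict(list), []
    for e in parse_ldif(text):
        if "authorizedserviceobject" not in (c.lower() for c in e["objectclass"]):
            continue
        services = e["authorizedservice"]
        if not services:
            unused.append(e["dn"][0])
        for s in services:
            by_service[s].append(e["dn"][0])
    return {s: sorted(d) for s, d in by_service.items()}, unused
```

Calling audit(SAMPLE_LDIF) returns the per-service map and the review list; point it at the text of a real export to use it.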