List: pamldap
Subject: [pamldap] pam_ldap-163
From: Luke Howard <lukeh () PADL ! COM>
Date: 2003-05-29 12:57:05

163  Luke Howard <lukeh@padl.com>

     * fix typo in authorizedService patch
     * add ldapns.schema for authorizedServiceObject and
       hostObject

162  Luke Howard <lukeh@padl.com>

     * support for service-based authorization
       (based on patch from Manon Goo)
     * add ignore_authinfo_unavail flag
     * pam_filter works again

Of note in pam_ldap-162: you can now use the authorizedService
attribute to control access on a PAM service-specific basis.
(NB: I haven't tested this myself yet :-))

You should be able to do something like:

    dn: uid=lukeh,dc=padl,dc=com
    uid: lukeh
    objectClass: posixAccount
    objectClass: authorizedServiceObject
    authorizedService: ftp
    authorizedService: telnet
    ...

Thanks to Manon Goo for the original patch behind this feature.

Finally, the ignore_authinfo_unavail pam.conf flag adds support
for ignoring pam_ldap if the LDAP server is down; the same effect
could be achieved through some tricky Linux-PAM configuration,
but Solaris/HP-UX users were left out in the cold.

-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
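
Added example, not part of the message above and not pam_ldap code: an access-review script that reads an LDIF export and lists, per PAM service, which accounts carry that authorizedService value. The sample entries other than uid=lukeh, the function names, and the check that entries using the attribute also carry the authorizedServiceObject class (as the entry in the message does) are assumptions made for this example.

```python
from collections import defaultdict
# Constructed sample export (not from the original message); the first entry
# mirrors the one in the announcement, the others are made up for the demo.
SAMPLE_LDIF = """\
dn: uid=lukeh,dc=padl,dc=com
uid: lukeh
objectClass: posixAccount
objectClass: authorizedServiceObject
authorizedService: ftp
authorizedService: telnet

dn: uid=alice,dc=example,dc=com
uid: alice
objectClass: posixAccount
objectClass: authorizedServiceObject
authorizedService: sshd

dn: uid=bob,dc=example,
 dc=com
uid: bob
objectClass: posixAccount
authorizedservice: ftp
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values.
    Base64 ("attr:: value") lines are not decoded in this sketch."""
    unfolded = text.replace("\n ", "")  # continuation lines start with one space
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            yield entry

def review(text):
    """Return (service -> sorted uids, uids whose entry lacks the object class)."""
    by_service, missing_class = defaultdict(list), []
    for e in parse_ldif(text):
        services = e.get("authorizedservice", [])
        uid = e.get("uid", e["dn"])[0]
        for svc in services:
            by_service[svc].append(uid)
        classes = {c.lower() for c in e.get("objectclass", [])}
        if services and "authorizedserviceobject" not in classes:
            missing_class.append(uid)
    return {s: sorted(u) for s, u in by_service.items()}, missing_class
```

Calling review() on a real export gives a per-service list to compare against who is meant to reach services such as ftp or telnet.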