[prev in list] [next in list] [prev in thread] [next in thread]
List: pamldap
Subject: Re: [pamldap] pam_check_host_attr for DHCP client
From: Christian Hilty <christian.hilty () gmail ! com>
Date: 2012-06-22 20:20:06
Message-ID: 4FE4D376.40308 () gmail ! com
[Download RAW message or body]
Thanks! What you suggest works perfectly.
Chris
On 06/22/2012 12:03 PM, Chuck Theobald wrote:
> On 6/21/2012 10:59 PM, chris121 wrote:
>> Hi,
>> I have set up a small network of linux clients using LDAP
>> authentication. I
>> need to selectively allow users access to various clients. The
>> pam_check_host_attr works well for this purpose, as long as the
>> client has a
>> static IP address. Some of the clients unfortunately are DHCP, which
>> means
>> that their hostname is not resolved by the DNS server. In this case,
>> access
>> is denied if pam_check_host_attr is set to "yes" in pam_ldap.conf. Is
>> there
>> any way of making host name checking work for DHCP clients?
>> Thanks!
>
> My approach to this has been to use pam_filter and the description
> attribute on each machine's ldap.conf (or pam_ldap.conf) file. Each
> user account then gets a description value according to the machines
> to which they have access. Authorization is then controlled only by
> the LDAP database and the pam settings, with no need to reference any
> outside sources of information, e.g. DNS.
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic