#746 Support pam_check_host_attr
Closed: Fixed None Opened 13 years ago by sgallagh.

Splitting this ticket off from #670

From pam_ldap(5):

    pam_check_host_attr <yes|no>

        Specifies whether the "host" attribute should be checked for logon authorization ("account" in the PAM stack). The default is not to. If set to "yes" and a user has no value for the "host" attribute, then the user will be unable to login.

11/07/10 18:59:07 changed by ossman

I got a bit bored and had a look at the pam_ldap code to get details about the implementation. This is what I found:

  1. The local names to try for "host" is determined by calling gethostname() and feeding that into gethostbyname(). The names tried are are then h_name and all h_aliases. Normally this means both the FQDN as well as just the first portion.

  2. It first looks for entries starting with '!' to indicate explicit denies.

  3. Only '*' has special meaning. I.e. no generic wild card support.


Fields changed

owner: sgallagh => jzeleny
upgrade: => 0

Fields changed

status: new => assigned

Fixed in: 3612c73

resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to jzeleny
- Issue set to the milestone: SSSD 1.6.0

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1788

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata