Hi Kaj,

Thanks for this. Is there a way to make this work with groups, so that I can have a group of webusers, mailusers, etc?

Simon

On Tue, Oct 7, 2008 at 3:19 PM, Kaj Niemi <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Try adding "pam_check_host_attr yes" in your /etc/ldap.conf. Your host:
> blah.example.com in ldap for each entry and system fqdn have to match. See
> pam_ldap(5) for more info. For example:
>
> ssl start_tls
> tls_cacertdir /etc/openldap/cacerts
> pam_password md5
> uri ldap://first/ ldap://second/
> base dc=example, dc=com
>
> pam_filter objectclass=account
> pam_login_attribute uid
> pam_check_host_attr yes
> pam_min_uid 500
>
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
>
> HTH :)
>
> Kaj
>
> On Oct 7, 2008, at 12:44, Simon Blunt wrote:
>
>> So a user must have the host:somehostname attribute (or host:*)
>> attribute to login to a given server.
>>
>> This works, but doesn't scale.
>>
>> I must be overlooking something. This final step can't really be
>> missing: can I really not have a host lookup
>>
>> Can anyone nudge me in the right direction?
>
> Kaj
> --
> Kaj J. Niemi
> <[EMAIL PROTECTED]>
> +358 45 63 12000
>
> _______________________________________________
> rhelv5-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/rhelv5-list
