You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
pam_check_host_attr <yes|no>
Specifies whether the "host" attribute should be checked for logon authorization ("account" in the PAM stack). The default is not to. If set to "yes" and a user has no value for the "host" attribute, then the user will be unable to login.
11/07/10 18:59:07 changed by ossman
I got a bit bored and had a look at the pam_ldap code to get details about the implementation. This is what I found:
The local names to try for "host" is determined by calling gethostname() and feeding that into gethostbyname(). The names tried are are then h_name and all h_aliases. Normally this means both the FQDN as well as just the first portion.
It first looks for entries starting with '!' to indicate explicit denies.
Only '*' has special meaning. I.e. no generic wild card support.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/746
Splitting this ticket off from #670
From pam_ldap(5):
11/07/10 18:59:07 changed by ossman
I got a bit bored and had a look at the pam_ldap code to get details about the implementation. This is what I found:
The local names to try for "host" is determined by calling gethostname() and feeding that into gethostbyname(). The names tried are are then h_name and all h_aliases. Normally this means both the FQDN as well as just the first portion.
It first looks for entries starting with '!' to indicate explicit denies.
Only '*' has special meaning. I.e. no generic wild card support.
Comments
Comment from ossman at 2010-12-23 10:24:16
attachment
0001-Add-host-access-control-support.patch
Comment from dpal at 2011-02-07 15:13:24
Fields changed
owner: sgallagh => jzeleny
upgrade: => 0
Comment from jzeleny at 2011-03-02 10:40:45
Fields changed
status: new => assigned
Comment from jzeleny at 2011-03-28 10:02:08
Fixed in: 3612c73
resolution: => fixed
status: assigned => closed
Comment from dpal at 2012-01-03 20:00:36
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=771412
Comment from dpal at 2012-01-05 18:26:42
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=755506
Comment from sgallagh at 2012-01-30 21:16:21
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=785878
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=785878 785878]
Comment from sgallagh at 2017-02-24 14:38:54
Metadata Update from @sgallagh:
The text was updated successfully, but these errors were encountered: