Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
pam_authz_search and wildcard domain names #8
I'm having some problems replicating prior pam_check_host_attr=yes approaches where wildcards were used when going from Centos6 to Centos7.
The quick challenge is the following does not work:
But ldapsearch -x "(&(objectClass=posixAccount)(uid=myname)(host=_.group.company.com))" does work, where a host attribute value of '_.group.company.com' should allow access to all hosts with that domain name.
Explicitly putting pam_authz_search (&(objectClass=posixAccount)(uid=$username)(host=*.group.company.com)) ALSO works (when on an appropriate box), something about $dn.
confirmed 'hostname -d' on the commandline returns group.company.com, but unsure why the configuration above doesn't work.
nss-pam-ldapd-0.8.13-8.el7.x86_64 version with centos7.