Hello, Today I just finished switching one of my sites from LDAP-only to Kerberos+LDAP. One thing that I liked about LDAP and pam_ldap was that I could use something like "pam_filter |(host=somehost)(host=\*)" on each host, along with "host=somehost" or "host=*" in each user's LDAP entry. This allowed me to restrict who could log in to each host. Now that I have switched to using pam_krb53 and am only using LDAP for the location of the home directories and the uid/gid, it doesn't appear that the pam_filter line in libnss-ldap.conf is working. I also had the same line in /etc/pam_ldap.conf, but I have removed all the pam_ldap entries from /etc/pam.d/*. Does anyone know how I might be able to restore that behavior? Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature