[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP авторизация

Hi Покотиленко,

* Покотиленко Костик <casper@meteor.dp.ua>
* 2008-02-01 14:07:
> Man'ы читать надо, блин. Есть такая конструкция, которую можно
> использовать в /etc/pam.d/*:
> 
> account required pam_ldap.so config=/etc/pam_ldap_<имя сервиса>.conf
> 
> Так даже красиво.

Кажется есть еще красивее (я не пробовал, у меня libnss_ldap)

/etc/pam_ldap.conf

# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes

# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes

-- 
Best regards,
Sergey Chumakov 2:450/77[.43]
Reply to: