[PATCH] new features for libpam-ldap

Timo Aaltonen tjaalton at cc.hut.fi
Wed Feb 6 23:01:12 GMT 2008


resending here to receive more feedback:

---------- Forwarded message ----------
Date: Fri, 01 Feb 2008 12:16:34 +0200 (EET)
From: Timo Aaltonen
To: ubuntu-server
Subject: [PATCH] new features for libpam-ldap


Hi!

We have been using a patch for libpam-ldap for a couple of years (4+) now,
and it's about time to ask for merging it in Ubuntu and/or Debian (but starting
here :). Here's a description by the author (i.e. not me):

- Two new configuration options:
   - pam_require_fqdn, allow matching host to either fully qualified
     domain name or short hostname.
   - pam_require_host_group, match against freely specified hostgroup
     to gain access. Looked up from host attribute.
   - Can work either way at the same time

- Introduces directly LDAP speaking variants of two internal
   functions, _has_deny_value / _has_value. authorizedService
   and host attributes are compared on the server side, thus
   allowing to set somewhat more strict ACLs to those attributes
   if wanted, and possibly saving some network bandwidth.
- Disable some old code replaced by use of _ldap_cmp_has_deny_value
   and _ldap_cmp_has_value.

It was sent upstream but got no feedback (link to the patch is broken now):

http://bugzilla.padl.com/show_bug.cgi?id=172


t
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libpam-ldap.patch
Type: text/x-diff
Size: 7687 bytes
Desc: 
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20080207/4c3e9e50/attachment.bin 
-------------- next part --------------
-- 
ubuntu-server mailing list
ubuntu-server at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
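
The ACL tightening that the description refers to, as an added example that is not part of the original post or of the patch: an OpenLDAP slapd.conf fragment in which the checking identity may compare `host` and `authorizedService` but not read them. The DNs, the suffix, and the assumption that the PAM module issues its compare operations as the proxy DN are hypothetical.

```conf
# Added example (slapd.conf ACL syntax). All DNs and the suffix are constructed.
# Assumption: the PAM module performs its LDAP Compare as the proxy DN below.
# slapd applies the first "access to" clause that matches, so this rule must
# appear before any broader rule such as "access to *".

# Before: the stored values are returned to the client, which matches them
# locally. Whoever holds this identity can list every host and service
# recorded for every user.
#access to attrs=host,authorizedService
#    by dn.exact="cn=pam-proxy,dc=example,dc=com" read
#    by * none

# After: "compare" permits the LDAP Compare operation only. The server
# answers true or false for a value the client proposes; it does not return
# the stored values, and the attributes cannot be used in search filters
# (that needs the higher "search" level).
access to attrs=host,authorizedService
    by dn.exact="cn=directory-admin,dc=example,dc=com" write
    by dn.exact="cn=pam-proxy,dc=example,dc=com" compare
    by * none
```

Compare access still lets its holder confirm guessed values one at a time, so it narrows disclosure of these attributes rather than removing it.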

