[PATCH] new features for libpam-ldap
Timo Aaltonen
tjaalton at cc.hut.fi
Fri Feb 1 10:16:34 UTC 2008
Hi!
We have been using a patch for libpam-ldap for a couple of years (4+)
now, and it's about time to ask for merging it in Ubuntu and/or Debian
(but starting here :). Here's a description by the author (i.e. not me):
- Two new configuration options:
  - pam_require_fqdn, allow matching host to either fully qualified
    domain name or short hostname.
  - pam_require_host_group, match against freely specified hostgroup
    to gain access. Looked up from host attribute.
  - Can work either way at the same time
- Introduces directly LDAP-speaking variants of two internal
  functions, _has_deny_value / _has_value. authorizedService
  and host attributes are compared on the server side, thus
  allowing to set somewhat more strict ACLs to those attributes
  if wanted, and possibly saving some network bandwidth.
- Disable some old code replaced by use of _ldap_cmp_has_deny_value
  and _ldap_cmp_has_value.
It was sent upstream but got no feedback (link to the patch is broken
now):
http://bugzilla.padl.com/show_bug.cgi?id=172
t
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libpam-ldap.patch
Type: text/x-diff
Size: 7687 bytes
Desc:
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20080201/b7a0b35b/attachment.patch>