Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/746 Splitting this ticket off from #670 From pam_ldap(5): {{{ pam_check_host_attr <yes|no> Specifies whether the "host" attribute should be checked for logon authorization ("account" in the PAM stack). The default is not to. If set to "yes" and a user has no value for the "host" attribute, then the user will be unable to login. }}} 11/07/10 18:59:07 changed by ossman I got a bit bored and had a look at the pam_ldap code to get details about the implementation. This is what I found: 1. The local names to try for "host" is determined by calling gethostname() and feeding that into gethostbyname(). The names tried are are then h_name and all h_aliases. Normally this means both the FQDN as well as just the first portion. 2. It first looks for entries starting with '!' to indicate explicit denies. 3. Only '*' has special meaning. I.e. no generic wild card support.
duplicate https://bugzilla.redhat.com/show_bug.cgi?id=755506 *** This bug has been marked as a duplicate of bug 755506 ***