From: Gary W. S. <ga...@pr...> - 2006-01-07 17:01:51
Moriyoshi,

Thanks for the information on the config items.

As for the other item, active server, what I should have said was how can I limit a login to a certain set of servers. In LDAP I can enforce host checking to ensure that the host they are trying to log into is in the list of authorized hosts for that user.

I can conceivably create a table for hosts and a table for host users, populate them the way I want and assign certain servers to certain users. But the general question is how would I get the active hostname into the SQL statement for pam_mysql.

Specifically, how do I use this section of the README file?

table

    The name of table that maps unique login names to the passwords.
    This can be a combination of tables with full JOIN syntax if you
    need more control. For example:

    [table=Host LEFT JOIN HostUser ON HostUser.host_id=Host.id \
    LEFT JOIN User ON HostUser.user_id=User.id]

How do I identify what the hostname is in the SQL statement without having to custom write a SQL statement for each server?

Gary Smith

> -----Original Message-----
> From: Moriyoshi Koizumi [mailto:mor...@at...]
> Sent: Saturday, January 07, 2006 1:10 AM
> To: Gary W. Smith
> Cc: pam...@li...
> Subject: Re: [Pam-mysql-general] PAM order question
>
> I'm not sure about what you meant by the "active server", but probably
> that can be achieved by the account management function.
>
> To use the function, specify an expression to the "statcolumn" argument
> that indicates the status of the account with the following bitmasks:
>
> - PAM_MYSQL_USER_STAT_EXPIRED (0x0001):
>   Indicates that the account is expired.
>
> - PAM_MYSQL_USER_STAT_AUTHTOK_EXPIRED (0x0002):
>   Indicates that the authentication token (password) for the account
>   needs to be updated. The user will be prompted to supply a new
>   password by the application that makes use of the PAM facility.
>
> example:
>
> auth sufficient pam_mysql.so [statcolumn=if(exp_time >= now(),1,0)
> + if(passwd_exp_time >= now(),2,0)]
>
> Regards,
> Moriyoshi
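
Added example, not part of the thread and not pam_mysql's own code: a Python/sqlite3 model of the lookup implied by the README's JOIN. It shows that the join alone returns a row for every host a user is mapped to, and that a per-server host condition is what restricts the login. The column names, sample rows, helper names and the way the extra condition is ANDed onto the user match are assumptions.

```python
import sqlite3

# Constructed schema and rows; table names follow the README's JOIN example,
# column names (name, login, password) are assumptions.
SCHEMA = """
CREATE TABLE Host (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE User (id INTEGER PRIMARY KEY, login TEXT UNIQUE, password TEXT);
CREATE TABLE HostUser (host_id INTEGER, user_id INTEGER);
INSERT INTO Host VALUES (1, 'web'), (2, 'db'), (3, 'spare');
INSERT INTO User VALUES (1, 'alice', 'hashA'), (2, 'bob', 'hashB');
INSERT INTO HostUser VALUES (1, 1), (2, 1), (2, 2);
"""

# The README's table= value, used verbatim as the FROM clause.
TABLE = ("Host LEFT JOIN HostUser ON HostUser.host_id=Host.id "
         "LEFT JOIN User ON HostUser.user_id=User.id")


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def lookup(db, login, where=None, params=()):
    """Model of the password lookup: rows for `login`, optionally narrowed by
    an extra per-server condition (assumed to be ANDed onto the user match)."""
    sql = f"SELECT User.password FROM {TABLE} WHERE User.login = ?"
    if where:
        sql += f" AND ({where})"
    return [r[0] for r in db.execute(sql, (login, *params))]


def allowed_on(db, login, host):
    """True only when exactly one mapping row ties `login` to `host`."""
    return len(lookup(db, login, "Host.name = ?", (host,))) == 1


if __name__ == "__main__":
    db = open_db()
    # No host condition: alice matches once per authorised host (2 rows),
    # so the join by itself does not restrict where she can log in.
    print("alice, no host filter:", lookup(db, "alice"))
    for host in ("web", "db", "spare"):
        print(host, {u: allowed_on(db, u, host) for u in ("alice", "bob")})
```
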