Thanks for the response. I have not tested it, but hopefully that should
work.
In the mean time, I've configured pam-radius-auth to do my
authorization, since my radius config uses ldap as its backend.
Шипицин Илья wrote:
> is it or not ?
>
> pam_check_service_attr <yes|no>
> Specifies whether the "authorizedService" attribute
> should be
> checked for logon authorization ("account" in the PAM
> stack).
> The default is not to. If set to "yes" and a user has
> no value
> for the "authorizedService" attribute, then the user
> will be
> unable to login.
>
>
>
> Dan White пишет:
>> Does anyone know if it's possible to use PAM LDAP for attribute
>> authorization only?
>>
>> What I mean by that is I'm authenticating users via another PAM
>> module, but I would like to include a check to see if they have a
>> certain attribute within their entry, with a check like:
>>
>> pam_filter radiusGroupName=shellaccess
>>
>> I hope that question makes since.
>>
>> Thank You,
>> - Dan
>>
>>
