pam_hostscheck new release (1.2)
As you know (or not ;), I have a little project to help handle LDAP authentication in GNU/Linux systems (somebody wants to help port it to OpenSolaris?), and a co-worker (Ernani) did a patch to adapt the code for the new LDAP routines (ldap_init/initialize, etc.). He gave me his email (ernaniaz@gmail.com), if you have any questions. Many thanks to Ernani, and please give us feedback if you encounter any bugs.
PS.: This module (pam_hostscheck) works like a requisite in the PAM stack. Using an attribute (host) in the LDAP server, it checks if that user can “try” to authenticate on the machine/server. It’s one more level for security and access control.
peace.
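The check described in the PS, sketched as an added example (not pam_hostscheck's own code): the user name is escaped before it goes into the LDAP filter, and anything other than exactly one entry listing this machine in `host` is a denial. The `uid` attribute, the function names, the matching rule and the sample directory are assumptions made for the illustration.

```python
# Added illustration; not pam_hostscheck's code. Only the "host" attribute
# comes from the post; everything else here is an assumption.
PAM_SUCCESS, PAM_AUTH_ERR = "PAM_SUCCESS", "PAM_AUTH_ERR"

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = '\\*()\x00'
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)

def build_filter(username, uid_attr="uid"):
    """Filter that selects the user's entry; uid_attr is an assumed name."""
    return "(%s=%s)" % (uid_attr, escape_filter_value(username))

# Constructed sample directory standing in for the LDAP server.
SAMPLE = {
    "alice": {"uid": ["alice"], "host": ["web01.example.org", "db01.example.org"]},
    "bob": {"uid": ["bob"]},  # entry without any host attribute
}

def fake_search(ldap_filter):
    """Stand-in for an LDAP search: returns the entries the filter selects."""
    return [entry for user, entry in SAMPLE.items()
            if ldap_filter == build_filter(user)]

def _norm(name):
    # Assumed matching rule: whole-name comparison, case-insensitive.
    return name.strip().rstrip(".").lower()

def check_user(username, local_host, search=fake_search):
    """Return PAM_SUCCESS only if the user's entry lists local_host."""
    entries = search(build_filter(username))
    if len(entries) != 1:
        # Unknown user or ambiguous result: fail closed.
        return PAM_AUTH_ERR
    allowed = {_norm(h) for h in entries[0].get("host", [])}
    if _norm(local_host) in allowed:
        return PAM_SUCCESS
    # Missing attribute or host not listed: deny before any password check.
    return PAM_AUTH_ERR

if __name__ == "__main__":
    for user, host in [("alice", "web01.example.org"),
                       ("alice", "mail01.example.org"),
                       ("bob", "web01.example.org"),
                       ("*)(host=*", "web01.example.org")]:
        print(user, host, build_filter(user), check_user(user, host))
```
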
I actually wrote something like this for Solaris a few years ago for an old job, but did one better (the above solution is nice, but doesn’t scale well).
The difficulty on (Open)solaris is that it would be best to utilize the existing ldap pieces (in libsldap), however, there is no method in libsldap to just get the handle to a valid LDAP connection to do arbitrary operations. If you’d like to contact me at my mail address, I can share more details than what I could write here.
Thanks for the feedback Jason!
But if (Open)solaris does not have a *standard* solution for that, I still think a *not so good* solution is still an option. ;-) I think if you have a better knowledge about this topic, it would be very nice to propose a project for this in opensolaris.org. There is a lot of LDAP integration in Solaris, but not for a *standard* LDAP…
Thanks again!
Leal.