URL: https://github.com/SSSD/sssd/pull/275
Author: akamensky
Title: #275: Implement access verification by rhost using ldap_access_order rhost option
Action: edited
Changed field: body
Original value: """
TL;DR - this is to implement functionality similar to both `sshd_config:AllowUsers` and `PAM's own rhost verification`.
This was asked in IRC and on the [mailing list](https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.o...) (with little follow-up in both). The reasoning behind the implementation can be seen in the linked mailing list thread.
The current PR provides basic functionality of comparing rhost (from PAM) with values stored in LDAP. To enable this, set `ldap_access_order = rhost` and `ldap_user_authorized_rhost = <ldap_field_name| default: rhost>` in sssd.conf.
It _currently*_ provides rule evaluation similar to how it currently works for host-based authentication.
TODO:
- [ ] Finalize logic of using DNS/rDNS for rules validation (currently working on a basic idea of how it should work - any help here?)
- [ ] Implement use of DNS/rDNS (with optional switch to enable/disable)
- [ ] Documentation
- [ ] Test coverage (didn't see test coverage for host auth, so is it needed?)
"""