URL: https://github.com/SSSD/sssd/pull/275
Author: akamensky
Title: #275: Implement access verification by rhost using ldap_access_order rhost option
Action: opened
PR body: """
TL;DR - this is to implement functionality similar to both `sshd_config:AllowUsers` and `PAM's own rhost verification`.
This was asked in IRC and on the [mailing list](https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.o...) (with little follow-up in both). The reasoning behind the implementation can be seen in the linked mailing list thread.
The current PR provides the basic functionality of comparing rhost (from PAM) with values stored in LDAP. To enable this, set `ldap_access_order = rhost` and `ldap_user_authorized_rhost = <ldap_field_name| default: rhost>` in sssd.conf.
It _currently*_ provides rule evaluation similar to how it currently works for host-based authentication.
TODO:
- [ ] Finalize logic of using DNS/rDNS for rules validation (currently working on basic idea how it should work - any help here?)
- [ ] Implement use of DNS/rDNS (with optional switch to enable/disable)
- [ ] Documentation
- [ ] Test coverage (didn't see test coverage for host auth, so is it needed?)
"""
To pull the PR as a Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/275/head:pr275
git checkout pr275
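
An added example, not code from this PR or from SSSD: a C sketch of the rule evaluation the PR body refers to, assuming rhost values are judged like the existing `ldap_access_order = host` rules described in sssd-ldap(5) (an explicit `!name` deny is resolved first, then an exact name, then `*`). The function name, the sample attribute values and the deny-on-missing-rhost choice are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum rhost_verdict { RHOST_DENY = 0, RHOST_ALLOW = 1 };

/* Hypothetical helper, not SSSD code. rules[] stands in for the values of
 * the user's LDAP attribute named by ldap_user_authorized_rhost. */
enum rhost_verdict rhost_check(const char *rhost,
                               const char *const *rules, size_t n)
{
    enum rhost_verdict verdict = RHOST_DENY;   /* no matching rule: deny */
    size_t i;

    /* Assumption of this example: a request without rhost fails closed. */
    if (rhost == NULL || rhost[0] == '\0') {
        return RHOST_DENY;
    }

    for (i = 0; i < n; i++) {
        const char *rule = rules[i];
        if (rule == NULL || rule[0] == '\0') {
            continue;                          /* skip empty values */
        }
        if (rule[0] == '!' && strcasecmp(rhost, rule + 1) == 0) {
            return RHOST_DENY;                 /* explicit deny wins at once */
        }
        if (strcmp(rule, "*") == 0 || strcasecmp(rhost, rule) == 0) {
            verdict = RHOST_ALLOW;             /* keep scanning for a deny */
        }
    }
    return verdict;
}

/* Constructed sample attribute values. */
static const char *const sample_rules[] = { "*", "!kiosk.example.com", "10.0.0.5" };

int main(void)
{
    const char *probes[] = { "bastion.example.com", "KIOSK.example.com", "" };
    size_t i;
    for (i = 0; i < 3; i++) {
        printf("%-22s -> %s\n", probes[i][0] ? probes[i] : "(no rhost)",
               rhost_check(probes[i], sample_rules, 3) ? "allow" : "deny");
    }
    return 0;
}
```

The comparison is on the literal string the PAM application supplied as rhost; no DNS or reverse-DNS lookup is involved, which matches the open TODO items in the PR body.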