LDAP-UX Client Services B.05.00 Administrator's Guide
TERMINAL Returns the terminal type of the computer from which the user attempts to
log on. For example, /dev/pts/0.
Some applications (such as ssh or remsh) do not pass the terminal dynamic
variable value to PAM_AUTHZ.
TIMEOFTHEDAY Returns the current time of the computer system from which the user attempts
to log on. For example, 20061015125535Z represents October 15, 2006 at 12:55:35
GMT. TIMEOFTHEDAY follows the “UTC Time” syntax as
described by RFC 4517.
SERVICE Returns the name of the PAM service through which the user attempts to gain access.
For example, common PAM service names include ftp, login, and telnet.
RHOSTIP Returns the IP address of the remote host system from which the user starts
the PAM enabled application, such as telnet.
RHOSTNAME Returns the name of the remote host system from which the user starts the
PAM enabled application, such as telnet.
RHOSTNAMEWD Returns the fully qualified name of the remote host system from which the
user starts the PAM enabled application, such as telnet.
5.3.9.2 Examples
The following shows a sample access rule in the access policy file:
allow:ldap_filter:(WorkstationIP=$[HOSTIP])
The above policy rule performs a security policy validation for users stored in the LDAP directory
server. Suppose a user, Mary, has a WorkstationIP attribute in her user entry in the LDAP directory
with the value 1.2.3.200. If Mary attempts to log in to the host with the IP address
1.2.3.200, the access rule evaluates to true and she is granted login access.
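The substitution step behind the sample rule, as an added sketch that is not LDAP-UX code. The names expand_rule, escape_value and time_of_day are hypothetical; the RFC 4515 escaping of substituted values and the skipping of a rule whose variable has no value are assumptions of this sketch, not documented PAM_AUTHZ behavior; the sample values are constructed.

```python
import re
from datetime import datetime, timezone

# Matches a dynamic variable reference such as $[HOSTIP] or $[RHOSTNAME].
VAR = re.compile(r"\$\[([A-Z]+)\]")

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_value(value):
    """Escape a substituted value so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def time_of_day(now):
    """Format a datetime the way the guide's TIMEOFTHEDAY example is written."""
    return now.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")


def expand_rule(rule, variables):
    """Split 'action:type:object' and substitute $[NAME] in the object.

    Returns (action, type, expanded_object), or None when a referenced
    variable has no value (for example TERMINAL under ssh), so the rule is
    skipped instead of being evaluated with an empty string (assumption).
    """
    action, rule_type, obj = rule.split(":", 2)
    missing = [name for name in VAR.findall(obj) if not variables.get(name)]
    if missing:
        return None
    expanded = VAR.sub(lambda m: escape_value(variables[m.group(1)]), obj)
    return action, rule_type, expanded


# Constructed sample values for one login attempt; TERMINAL is deliberately absent.
SAMPLE = {
    "HOSTIP": "1.2.3.200",
    "SERVICE": "login",
    "TIMEOFTHEDAY": time_of_day(datetime(2006, 10, 15, 12, 55, 35, tzinfo=timezone.utc)),
}

if __name__ == "__main__":
    print(expand_rule("allow:ldap_filter:(WorkstationIP=$[HOSTIP])", SAMPLE))
```

Remote-supplied variables such as RHOSTNAME are the ones where the escaping matters most, since their values originate outside the local host.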
152 Administering LDAP-UX Client Services