[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

How do I get rid of passwd/shadow files


I have modified pam_pwdb and libpwdb to get radius authentication to return similar data as the pwdb style shadow and unix modules do. Part of this data that it returns is uid, gid, dir (home directories). So far everything to do with PAM and pwdb work fine.

The problem is that I would like to totally remove any reliance on password/shadow files from my systems, but most applications, eg. login, still require access to these files even after PAM has authenticated the user. 

Is there a way I can use PAM to set the user info such as UID etc. etc. In the PAM docs it talks about two functions, pam_setcred and pam_putenv, which may be able to be used for this purpose. It also mentions in the docs that pam_setcred should NOT be used to set this kind of information.

My first question is why is it not "allowed" to use pam_setcred to set user information? Secondly, is there a way PAM can do this nicely without having to hack all applications?
Thirdly, should I forget about using PAM for this and modify all applications to use libpwdb directly so I can support this?

If some of you have succeeded in removing the need for password files for services which require user authentication I would be extremely greatful for any tips.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []