[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Dynamically creating users if !exist

On Tue, 2003-10-21 at 14:01, Joe Lewis wrote:
> Yes, though I'd have no clue as to why.  The whole intent of PAM is to 
> make the security of a device more easily configurable, and just opening 
> the door for users to log in with a new user ID opens a LOT of security 
> holes.

I'm open to suggestions (besides creating a special user to create
users, which I've already ruled out).

I'm putting it out as a system where there will be a limited set of
people who will be allowed to access it. The computer itself will be
hardened. The only apps that will be availible to users will be email,
web, and cards (basically). Certainly no console access.
I realize that with enough effort those outside of my given range of
users could login. That it could be used for cracking. That users could
bumble around and create 100 accounts for themselves.
(The latter being the worst of my fears ;) )
But I have yet to see a better way...

> If you have programming 
> skills, you can create a module that catches the pam_sm_authenticate 
> function, checks for the user, and if not found, creates the user and 
> returns success.

I really don't have enough skills with PAM in specific (or C in general).
And this system is supposed to be availible soon, so I really dn't have
time to learn :(
If someone wants to mentor me in programming such a module, I'd be
extremly appreciative.


> > Is there any way I can use PAM to dynamically create a users, if the
> > username doesn't exist?
> > I've looked at creating a user whose sole purpose is to create users,
> > but I don't want to do that.
> > 
> > How can I get something like this working?
> > 
> > Thanks,
> > Harold
> > 
> > 
> > _______________________________________________
> > Pam-list mailing list
> > Pam-list redhat com
> > https://www.redhat.com/mailman/listinfo/pam-list

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]