PAM: How to test non-local group membership (LDAP, SQL, ...)?

Jose Plans jplans at redhat.com
Mon Jun 11 13:27:30 UTC 2007


On Mon, 2007-06-11 at 15:21 +0200, Brian Schau wrote:
> Hmm - you mention pam module ... I am PAMifying an existing application,
> i.e. using the PAM Application interface (not a module).
> 
> Will this present any problem?

Not at all, it was just an example, ignore it :) - as I said, better do
pam_start etc. as you are doing to get that application using pam and
since you are doing some sort of ACL.

> I am having the basic PAM authentication up and running.  I can switch
> pam config files so that I authenticate using ldap or a sql database ...
> 
> ... so I "only" need the group part. I have to look into nsswitch later
> (hopefully tonight .. :-)

heh :-) - that is what you need, once you get nss able to do lookups
against that sql or ldap, you are good to write what you need to write.
Just change /etc/nsswitch.conf to have your dbs in the services you need
and then run getent against them (for example: if you added ldap in
password like "password: files ldap", then run: getent password and see
if you are also seeing users from that ldap directory).

     Jose