PAM: How to test non-local group membership (LDAP, SQL, ...)?

Andreas Hasenack ahasenack at terra.com.br
Mon Jun 11 12:34:26 UTC 2007


On Mon, Jun 11, 2007 at 09:59:40AM +0200, Brian Schau wrote:
> > You should use the (g)libc functions to determine group membership. You 
> > don't have to know if the user database is in sql, ldap, db, etc.
> 
>  Ok, so if I understand you correctly I can use PAM to authenticate the
>  user (f.ex. in LDAP) and then use the libc functions to verify the group
>  membership as if that information was present locally on the server?

Yes, this second step would be in the account section.
Note that you should be doing the authentication with a
database-specific module, like pam_ldap, pam_mysql, etc., because for
auth, these users won't be in local files either.
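
The account-phase check discussed in this thread, as an added example (not part of the original message): a C helper that resolves the user and group through the libc/NSS calls getpwnam_r, getgrnam_r and getgrouplist, so it gives the same answer for local, LDAP or SQL entries. The name user_in_group and the buffer sizes are assumptions; any lookup failure returns -1 so that a caller can deny access.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes getgrouplist() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Returns 1 if user is a member of group, 0 if not, and -1 if the user or
 * group cannot be resolved. Every lookup goes through NSS, so the backend
 * (files, LDAP, SQL) is whatever nsswitch.conf configures. */
int user_in_group(const char *user, const char *group)
{
    struct passwd pw, *pwres = NULL;
    struct group gr, *grres = NULL;
    char pwbuf[4096], grbuf[16384];   /* assumed sizes; ERANGE fails closed */
    int ngroups = 32, found = 0;

    if (getpwnam_r(user, &pw, pwbuf, sizeof pwbuf, &pwres) != 0 || !pwres)
        return -1;
    if (getgrnam_r(group, &gr, grbuf, sizeof grbuf, &grres) != 0 || !grres)
        return -1;

    gid_t *gids = malloc((size_t)ngroups * sizeof *gids);
    if (!gids) return -1;
    /* If the list is too small, ngroups is updated to the needed size. */
    if (getgrouplist(user, pw.pw_gid, gids, &ngroups) == -1) {
        gid_t *bigger = realloc(gids, (size_t)ngroups * sizeof *gids);
        if (!bigger) { free(gids); return -1; }
        gids = bigger;
        if (getgrouplist(user, pw.pw_gid, gids, &ngroups) == -1) { free(gids); return -1; }
    }
    for (int i = 0; i < ngroups; i++)
        if (gids[i] == gr.gr_gid) { found = 1; break; }
    free(gids);
    return found;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s USER GROUP\n", argv[0]);
        return 2;
    }
    int r = user_in_group(argv[1], argv[2]);
    printf("%s: %s\n", argv[1], r == 1 ? "member" : r == 0 ? "not a member" : "lookup failed");
    return r == 1 ? 0 : 1;
}
```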



