
thinking about pam



Hi all,

I'm rather new to this list, so please don't kick me too hard if this
question has already been bludgeoned to death.

I am wondering how PAM expects to deal with user identities that are
propagated via some other means than /etc/passwd.  I think this is the
same question as how NIS works, and if so, is PAM going to be
functionally similar in this regard?  For instance, I would like to be
able to set up a user identity in Kerberos and the home directory on an
NFS server and expect the changes to be propagated to all machines that
are part of the realm.

In my shamelessly stolen graphic from Andrew's web page, my
understanding of this is that the auth module below would use GSSAPI,
but then map against an acct table that stores information about home
directory, user's full name and shell.

Am I close on this?

Thanks!

-B

        +----------------+
        | application: X |
        +----------------+       /  +----------+     +================+
        | authentication-[---->--\--] Linux-   |--<--| /etc/pam.conf  |
        |       +        [----<--/--]   PAM    |     |================|
        |[conversation()][--+    \  |          |     | X auth .. a.so |
        +----------------+  |    /  +-n--n-----+     | X auth .. b.so |
        |                |  |       __|  |           |           _____/
        |  service user  |  A      |     |           |____,-----' 
        |                |  |      V     A                        
        +----------------+  +------|-----|---------+ -----+------+
                               +---u-----u----+    |      |      |
                               |   auth....   |--[ a ]--[ b ]--[ c ]
                               +--------------+
                               |   acct....   |--[ b ]--[ d ]
                               +--------------+
                               |   password   |--[ b ]--[ c ]
                               +--------------+
                               |   session    |--[ e ]--[ c ]
                               +--------------+


