[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: group information?



Ingo Luetkebohle wrote:
> On Wed, 19 Feb 1997, Andrew G. Morgan wrote:
> > It basically falls outside the paradigm. PAM is all about authenticating
> > user entities.. Groups are treated more along the lines of "credentials"
> > than entities for the purpose of authentication. I don't know what else to
> > say on the subject.
> 
> Well, but the credentials (like group info) are usually stored alongside
> with the authentication info (like passwords). Hence, if you strive to
> provide a transparent means of authentication, you have to complete the
> picture and provide a transparent means of accessing credentials.
> 
> The only alternative is to fall back to non-PAM functions which is against
> the whole point, isn't it?

What are you trying to do?

PAM is able to dish out groups as credentials.. (see pam_group.so)

You can also write a module to authenticate a user based on the groups he
belongs too. It is up to this module to decide where it takes the
user<->group mapping from. PAM does not provide a fail safe method for
this.

Cheers

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []