
Re: Using PAM to managed shared authentication



Chris Dent wrote:
> Both of these things seem theoretically possible, and I have it
> working for someone who has both a kerberos instance and an entry in
> the shadow file. For someone who is only listed in the passwd file and
> has a kerberos entry I can get login to work, but I don't seem to know
> what I'm doing when it comes to setting up passwd. The problem seems
> to be in getting PAM to be aware of someone who is not listed in the
> shadow file.

I think that libpwdb is going to provide the solution (in the long term) to
having distributed account information.

> Having a system where there are two passwd binaries, one that only
> does kerberos, and one that does both kerberos and shadow, is
> acceptable, but I'm not quite sure how that would work either.

I'm not sure which passwd binary Red Hat is shipping with 4.1, but 4.0 came
from an older release of SimplePAMApps. The latest version now has a '-N'
control flag that can be used to change the service name of the application. 
In this way, you can use the passwd application to update one of a number of
'flavors' of account passwords by providing the corresponding extra service
entries in your /etc/pam.{d/,conf} configuration files. [It's all explained
in the manual page.]

Hope that helps

Best wishes

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]


