[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM setting arb parameters

Andrew Morgan wrote:

> Bear in mind that libpam is not supposed to make assumptions about the
> privileges of its invoking user.  Perhaps you might like to elaborate
> on what you want to do?

Ok, I have a situation where I am trying to centralise account info
using LDAP.

On one of my Linux machines, I would like to configure PPP to
authenticate using PAM. PAM in turn would authenticate using LDAP.

The extentions I am talking about would involve passing supporting info
from LDAP through to PPP, like IP address, firewall rules, unix group
membership, anything.

This information could possibly be used as part of the authentication
process, (for example: if the username, password, and supplied group
match, authenticate.) but in the default case the info would just be
passed to the layer above, should the user have been authenticated.

This would allow the replacement of Radius, and other protocols, and
allow a complex system to be built just using PAM and a lower level
protocol (such as LDAP) of your choice without the need to bypass PAM
for other information, such as group info, etc.

graham@vwv.com			"There's a moon
VWV Interactive				over Bourbon Street

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []