Andrew Morgan wrote: > Bear in mind that libpam is not supposed to make assumptions about the > privileges of its invoking user. Perhaps you might like to elaborate > on what you want to do? Ok, I have a situation where I am trying to centralise account info using LDAP. On one of my Linux machines, I would like to configure PPP to authenticate using PAM. PAM in turn would authenticate using LDAP. The extentions I am talking about would involve passing supporting info from LDAP through to PPP, like IP address, firewall rules, unix group membership, anything. This information could possibly be used as part of the authentication process, (for example: if the username, password, and supplied group match, authenticate.) but in the default case the info would just be passed to the layer above, should the user have been authenticated. This would allow the replacement of Radius, and other protocols, and allow a complex system to be built just using PAM and a lower level protocol (such as LDAP) of your choice without the need to bypass PAM for other information, such as group info, etc. Regards, Graham -- ----------------------------------------- email@example.com "There's a moon VWV Interactive over Bourbon Street tonight...
Description: S/MIME Cryptographic Signature