
how to *fetch* credentials?

I'm kind of a newbie in many ways.  Please bear with me.  No matter how
many times I read the documentation I am not understanding which PAM
client function should be used to fetch credentials, such as a list of
user groups.  Is that sort of thing accomplished with PAM?  I get the
feeling that something similar happens with pam_set_cred() but I don't
want the process's credentials set... I just want to get the description
of credentials.

That's the basic problem.  Read on if you want to know the full story.

I'm building something that will run on a box that has no users.  The
box needs to collect authentication info from a connecting user and
modify other daemons/whatnot on the box based on how the user is
authenticated.  I have to be able to collect group information and maybe
other types of credentials in a way that is consistent with the method
I'm using for authentication.  So when, for example, I'm using an NT
server to authenticate users I have to collect user groups from the NT
server they're authenticating to.  Another example... I've made a simple
PAM module that authenticates a user against a CRYPTOCard server.  (As
far as I can tell the cryptocard module does not connect to a server but
instead implements a server and has a local user database, is that
right?)  Part of the API I'm working with allows me to fetch the group
name from the server that the authenticated user is a part of.  I don't
know where in the PAM module I should use that functionality.

On a side note, I don't understand why this isn't the norm.  All the
modules I've looked at seem to be able to authenticate using remote
servers but are not capable of using the credentials from the same
remote source.  This newbie could be wrong.  pam_smb for instance
doesn't mess with domain or local NT groups... the authenticating user
must have a local account if group info is desired.

Thanks for any input,

- Ben
