pam and netgroups

Tomas Mraz tmraz at redhat.com
Wed Apr 16 17:18:13 UTC 2008


On Wed, 2008-04-16 at 18:58 +0300, Lassi Pölönen wrote:
> Hi,
> 
> I've been trying to implement netgroup based centralized authentication 
> control with pam. The downside of using pam_access with @users@@hosts 
> syntax is that when you have a group of users and group of hosts, it 
> seems all the users are allowed to log in to those hosts in defined 
> group. Therefore that requires configuration on every host - a host has 
> to know which group to honor. pam_access doesn't seem to check the host 
> entry in the triple either.

This could be added to pam_access - we could use the current @netgroup
match in the user field and supply the local machine name as the host
parameter of innetgr(). This would have to be enabled by a module option
so it doesn't break old configurations though. Or we could add another
prefix character syntax for this kind of netgroup match.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
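
The difference between a user-only netgroup match and one that also passes the local host name, as an added example that is not part of either message or of pam_access. `demo_innetgr`, `user_in_netgroup` and the sample triples are hypothetical and constructed; treating the host-less call as the existing behaviour is an assumption drawn from the reply above.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as innetgr(3), so the real function can be passed instead. */
typedef int (*netgr_fn)(const char *grp, const char *host,
                        const char *user, const char *domain);

/* Constructed sample data: (netgroup, host, user) triples; "" = wildcard. */
static const char *TRIPLES[][3] = {
    { "webadmins", "web1", "alice" },
    { "webadmins", "web2", "bob"   },
    { "ops",       "",     "carol" },
};

/* A NULL argument or an empty triple field matches anything, as in innetgr(3). */
static int field_ok(const char *arg, const char *field)
{
    return arg == NULL || field[0] == '\0' || strcmp(arg, field) == 0;
}

/* Hypothetical in-memory stand-in for innetgr(3); the domain is ignored. */
int demo_innetgr(const char *grp, const char *host,
                 const char *user, const char *domain)
{
    (void)domain;
    for (size_t i = 0; i < sizeof TRIPLES / sizeof TRIPLES[0]; i++)
        if (strcmp(grp, TRIPLES[i][0]) == 0 &&
            field_ok(host, TRIPLES[i][1]) && field_ok(user, TRIPLES[i][2]))
            return 1;
    return 0;
}

/* check_host = 0: user-only match (host passed as NULL).
 * check_host = 1: the proposed match, with the local machine name as host. */
int user_in_netgroup(netgr_fn lookup, const char *grp, const char *user,
                     const char *localhost, int check_host)
{
    return lookup(grp, check_host ? localhost : NULL, user, NULL);
}

int main(void)
{
    const char *host = "web1"; /* constructed; a module would call gethostname() */
    printf("bob, user only: %d\n",
           user_in_netgroup(demo_innetgr, "webadmins", "bob", host, 0));
    printf("bob, with host: %d\n",
           user_in_netgroup(demo_innetgr, "webadmins", "bob", host, 1));
    return 0;
}
```

With the host check off, bob matches `webadmins` on web1 even though his triple names web2; with it on, only triples naming web1 or leaving the host field empty match.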



