Identifying Origin with PAM/nsswitch
CJ Bridges
gratch06 at gmail.com
Tue Jun 10 22:59:14 UTC 2008
PAM and nsswitch typically appear to be used in tandem to manage
logins on most Linux systems.
In a situation where a linux machine was configured to use "local nis
ldap" for user authentication, the behavior when Joe tries to log in
is (simplified):
Is Joe a local user? Verify password if so.
If not local, is Joe an NIS user? Verify password if so.
If not NIS, is Joe an LDAP user? Verify password if so.
After that authentication procedure using the various PAM modules as
appropriate, Joe has successfully logged in, and is working under an
appropriate uid.
Later on, is there any way to figure out where Joe is really defined
as a user, and/or how he logged in (via which module)? getpwuid and
friends would not appear to offer any distinction between the various
user classes.
Thanks,
CJ Bridges
More information about the Pam-list
mailing list