Automatic account creation after authentication
Fabio Pedretti
fabio.pedretti at ing.unibs.it
Fri Mar 28 14:55:31 UTC 2008
Citando Jason Gerfen <jason.gerfen at scl.utah.edu>:
> I modified the original pam_krb5 module to do something similar to this,
> here is a brief list of features:
>
> - Performs standard KRB TGT process
> - If valid TGT received from KDC check for local account
> - If no local account already present it performs a AD/LDAP query (no
> authentication against LDAP)
> - Then creates a passwordless local account for the user as well as home
> directory
Interesting. I'll take a look at the account creation portion of it.
> A lot of people do the opposite by modifications to the PAM stack to use
> the nss_ldap to enumerate accounts.
This is not possible with RADIUS, since it can't enumerate users - only authenticate them.
More information about the Pam-list
mailing list