Automatic account creation after authentication

[Jason Gerfen]

I modified the original pam_krb5 module to do something similar to this,
here is a brief list of features:

- Performs standard KRB TGT process
- If valid TGT received from KDC check for local account
- If no local account already present it performs a AD/LDAP query (no
authentication against LDAP)
- Then creates a passwordless local account for the user as well as home
directory

A lot of people do the opposite by modifications to the PAM stack to use
the nss_ldap to enumerate accounts.

I am not sure about how your architecture is setup but either of the
above might be a viable solution. And I am unfamiliar with the
pam_radius_auth module.

If you are interested in the project I setup at sourceforge (just
contains additional code to perform features I mentioned above) you can
find it under pam_krb5+ldap. I attempted to contact the original
developer to see about merging the features I implemented but never
heard back.

HTH

Fabio Pedretti wrote:
> Hi,
> I'd like to use the pam_radius_auth module for authenticating students
> on several Linux machines against a RADIUS server. It works well for
> authentication, but there is the limit that user accounts have to be
> present on the machines, or else the authentication process will fail.
> This is a problem, since we have thousand of students and several machines.
> 
> Note that I am also using pGina to do the same job with Windows machines
> (which automatically creates the accounts after successful authentication).
> 
> What I would like is a module similar to pam_mkhomedir.so that is able
> to automatically create accounts - what a "useradd myuser" would do -
> after first successful authentication.
> 
> Is that possible?
> 
> Thanks,
> Fabio
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list


-- 
Jason Gerfen

"I practice my religion
 while stepping on your
 toes..."
~The Ditty Bops