[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Set new UID/GID



Hello,


maybe nss_updatedb and pam_ccreds could help here.

You can get the modules over at http://www.padl.com

I didn't test this modules against anything other than ldap so this
might not work in your setup...

Marc

Am Freitag, den 23.07.2010, 08:55 +0200 schrieb ABULIUS, MUGUR (MUGUR):
> > What are you trying to acheive?
> 
> In my Linux systems the authentication policy for SSH connections checks first a RADIUS server for user/password and if the RADIUS server is not available then it checks a local account (possibly with other user name).
> 
> If the user is authenticated by RADIUS (with MS-CHAPv2) it must receive some UID/GIDs that are not the same as from the local account.
> 
> The password change policy is:
> -	If RADIUS is available and it requires a password change then the password should be updated on RADIUS and locally.
> -	If RADIUS is not available no password change is allowed locally
> 
> We have also a second scenario for which some users are defined exclusively on RADIUS. Meaning that there is no local Linux account (or if this is not technically possible, the corresponding accounts are disabled somehow).
> 
> Thank you
> Mugur
> 
> -----Original Message-----
> From: pam-list-bounces redhat com [mailto:pam-list-bounces redhat com] On Behalf Of Martin
> Sent: jeudi 22 juillet 2010 23:44
> To: pam-list redhat com
> Subject: Re: Set new UID/GID
> 
> <snip>
> > > Hello all,
> > >  
> > > I want to write a PAM module that authenticates SSH users without 
> > > using /etc/passwd. For granting a GID I found the "pam_group"
> > > module.
> > >  
> > > There is any available PAM module that allows setting a specific UID 
> > > not listed in /etc/passwd?
> > >  
> There are two seperate tasks here, the first is authentication and the second is user information.  With the (very) old password system they used to be the same thing, however they are now (rightly) separate.  PAM deals with the authentication part, NSS deals with user information such as UID, etc.
> 
> What are you trying to acheive?  It may be that LDAP will do what you want.
> 
> Cheers,
>  - Martin
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list redhat com
> https://www.redhat.com/mailman/listinfo/pam-list
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list redhat com
> https://www.redhat.com/mailman/listinfo/pam-list
-- 
Mit freundlichen Gruessen,


Marc - A. Dahlhaus
Administration

Westermann GmbH                 Tel: 04252 399 87
Am Gaswerk 3                    Fax: 04252 399 45
27305 Bruchhausen-Vilsen        Mail: mad wol de

Geschaeftsfuehrer: Hermann Westermann
Handelsregister: Walsrode, HRB 110518


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]