Hoe to get uid,gid through PAM
Jason Gerfen
jason.gerfen at utah.edu
Thu Aug 18 15:32:38 UTC 2011
I have a patch you could use that implements additional configuration settings to the krb5.conf, provides an optional compile switch for the existing pam_krb5 (--with-ldap), and specifically addresses the UID/GID mapping of remote users by creating a password-less local account (similar to caching mechanisms) for Active Directory/OpenLDAP users.
Of course the necessary POSIX account schema attributes per RFC 2307 (http://www.ietf.org/rfc/rfc2307.txt) are required within the directory service you wish to use for the UID, GID, HomeDirectory & DefaultShell account requirements but it should suit your needs.
Here is the patch: https://github.com/jas-/pam_krb5-ldap
Here is the original pam_krb5 provided by RedHat: https://fedorahosted.org/pam_krb5/
Here is additional documentation on the project to help with patching, compiling, installing and configuring (this might be slightly outdated): https://help.ubuntu.com/community/Alternate_Pam_Krb5LDAP_Authentication
Hope that helps some.
jas
________________________________________
From: pam-list-bounces at redhat.com [pam-list-bounces at redhat.com] On Behalf Of preet $ [preet3039 at gmail.com]
Sent: Thursday, August 18, 2011 9:27 AM
To: Pluggable Authentication Modules
Subject: Re: Hoe to get uid,gid through PAM
Thanks for your reply.
Preet
On Thu, Aug 18, 2011 at 1:38 AM, Thorsten Kukuk <kukuk at suse.de<mailto:kukuk at suse.de>> wrote:
On Wed, Aug 17, preet $ wrote:
> Hello,
>
> How do I get the user credentials such as uid, eid, and gid defined in
> various authentication mechanisms such as LDAP etc through PAM. Please
> provide some info on that.
You will not. PAM does only authenticate an user for you,
nothing more. What you mean is getpwnam() and similar functions
handled by NSS modules.
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com<mailto:Pam-list at redhat.com>
https://www.redhat.com/mailman/listinfo/pam-list
More information about the Pam-list
mailing list