[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Hoe to get uid,gid through PAM



Thanks for your reply. But we are ok to use NSS modules to get the uid and gid. We are looking at configuring NSS to use ldap for these details.
Preet

On Thu, Aug 18, 2011 at 11:32 AM, Jason Gerfen <jason gerfen utah edu> wrote:
I have a patch you could use that implements additional configuration settings to the krb5.conf, provides an optional compile switch for the existing pam_krb5 (--with-ldap), and specifically addresses the UID/GID mapping of remote users by creating a password-less local account (similar to caching mechanisms) for Active Directory/OpenLDAP users.

Of course the necessary POSIX account schema attributes per RFC 2307 (http://www.ietf.org/rfc/rfc2307.txt) are required within the directory service you wish to use for the UID, GID, HomeDirectory & DefaultShell account requirements but it should suit your needs.

Here is the patch: https://github.com/jas-/pam_krb5-ldap
Here is the original pam_krb5 provided by RedHat: https://fedorahosted.org/pam_krb5/
Here is additional documentation on the project to help with patching, compiling, installing and configuring (this might be slightly outdated): https://help.ubuntu.com/community/Alternate_Pam_Krb5LDAP_Authentication

Hope that helps some.
jas
________________________________________
From: pam-list-bounces redhat com [pam-list-bounces redhat com] On Behalf Of preet $ [preet3039 gmail com]
Sent: Thursday, August 18, 2011 9:27 AM
To: Pluggable Authentication Modules
Subject: Re: Hoe to get uid,gid through PAM

Thanks for your reply.

Preet
On Thu, Aug 18, 2011 at 1:38 AM, Thorsten Kukuk <kukuk suse de<mailto:kukuk suse de>> wrote:
On Wed, Aug 17, preet $ wrote:

> Hello,
>
>       How do I get the user credentials such as uid, eid, and gid defined in
> various authentication mechanisms such as LDAP etc through PAM. Please
> provide some info on that.

You will not. PAM does only authenticate an user for you,
nothing more. What you mean is getpwnam() and similar functions
handled by NSS modules.

--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

_______________________________________________
Pam-list mailing list
Pam-list redhat com<mailto:Pam-list redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]