Group information and PAM
Thorsten Kukuk
kukuk at suse.de
Wed May 6 05:39:18 UTC 2015
On Tue, May 05, JCA wrote:
> 2) When doing authentication with an LDAP or RADIUS server through
> PAM, is it possible to configure PAM so that the information
> concerning the groups that the user belongs to is obtained from the
> server, rather than locally? Both LDAP and RADIUS servers can easily
> convey that information at the same time as the carry out a successful
> authentication, but it is not clear to me if PAM provides any
> mechanism to make use of it.
PAM is doing authentication, not setting up the user account.
For this, the login process is responsible. What you want to
look at is "NSS", especially /etc/nsswitch.conf.
Thorsten
--
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
More information about the Pam-list
mailing list