[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Group information and PAM



   I am very new to PAM, so maybe what I am about to ask is trivial;
please bear with me.

   I understand how to configure PAM in my Linux system so that
whenever a user attempts to log in from a given application, the
authentication will be delegated to a relevant server. I have two
questions:

  1) Imagine a user trying to log into my system via SSH. When
authentication is local, that user can resort to public key
authentication, so that no password will have to be supplied. Based on
what I know about PAM, public key authentication will not be available
in general when using an external authentication mechanism - I don't
think that e.g. RADIUS or LDAP servers support that. So my assumption
is that once PAM is configured for, say, RADIUS authentication for
SSH, public key authentication authentication will not be available
for SSH users any more. Is this correct?

   2) When doing authentication with an LDAP or RADIUS server through
PAM, is it possible to configure PAM so that the information
concerning the groups that the user belongs to is obtained from the
server, rather than locally? Both LDAP and RADIUS servers can easily
convey that information at the same time as the carry out a successful
authentication, but it is not clear to me if PAM provides any
mechanism to make use of it.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]