Proper Way for a PAM Module to Add Groups to a User

Douglas Logan tembenite at gmail.com
Mon Oct 3 11:42:35 UTC 2016


Thorsten,
       Let me clarify. The PAM module I'm writing authenticates the
users against an external data source and pulls back a list of remote
groups. I want groups with those same names to be added to the users.

Most of the examples I've seen on pam_group seem to be for adding
certain groups for all users. I don't want things added for all users,
I want it based on what comes back from my external data store.

I'm assuming by the fact that pam_group can add groups to a user,
there should be a PAM API for that, but I have not found any
documentation on this. That is what I'm hopefully looking for:
where that API is.

If there is some way that pam_group can be utilized to map my remote
groups to local groups, that could also work. However, even then, I
assume there is some way I need to make pam_group aware of the groups
coming back from my PAM module.


Thanks,
Doug

On Sat, Oct 1, 2016 at 11:49 AM, Thorsten Kukuk <kukuk at suse.de> wrote:
>
> Hi,
>
> On Sat, Oct 01, Douglas Logan wrote:
>
>> Hello,
>>        I'm trying to create a PAM module. I've had no problem with the
>> standard authentication portion and have that working based on some
>> samples I was able to find.
>>
>> However, I'm having a difficult time finding an example on how I'm
>> supposed to add additional groups to a user during PAM login.
>
> There is already a module which is doing this: pam_group.
>
>   Thorsten
>
> --
> Thorsten Kukuk, Senior Architect SLES & Common Code Base
> SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
> GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

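An added example, not part of the thread and not pam_group's own code: pam_group sets supplementary groups from its `pam_sm_setcred` hook with the process-level `getgroups(2)`/`setgroups(2)` calls, and a module can do the same for names it fetched itself. The function names `merge_groups` and `apply_remote_groups`, the 256-entry cap and the idea that the remote names arrive as a string array are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Append to the current gid list every *existing local* group whose name
 * appears in `names` (names as returned by the external store). Unknown
 * names are skipped, never created, and duplicates are dropped.
 * Returns the number of gids written to `out`, or -1 if `cap` is too small. */
int merge_groups(const gid_t *cur, int ncur,
                 const char *const *names, int nnames,
                 gid_t *out, int cap)
{
    int n = 0;
    for (int i = 0; i < ncur; i++) {
        if (n == cap) return -1;
        out[n++] = cur[i];
    }
    for (int i = 0; i < nnames; i++) {
        struct group *gr = getgrnam(names[i]);
        if (gr == NULL) continue;              /* no local group of that name */
        int dup = 0;
        for (int j = 0; j < n; j++)
            if (out[j] == gr->gr_gid) dup = 1;
        if (dup) continue;
        if (n == cap) return -1;
        out[n++] = gr->gr_gid;
    }
    return n;
}

/* Intended to be called from the module's pam_sm_setcred() when credentials
 * are established; setgroups() needs CAP_SETGID, so the calling application
 * must not have dropped privileges yet. Returns 0 on success, -1 on error. */
int apply_remote_groups(const char *const *names, int nnames)
{
    enum { MAX_GIDS = 256 };                   /* hypothetical fixed cap */
    gid_t cur[MAX_GIDS], merged[MAX_GIDS];
    int ncur = getgroups(MAX_GIDS, cur);
    if (ncur < 0) return -1;
    int n = merge_groups(cur, ncur, names, nnames, merged, MAX_GIDS);
    if (n < 0) return -1;
    return setgroups((size_t)n, merged);
}
```

Because only names that resolve through `getgrnam()` are added, the external store can grant membership in groups the local administrator has defined but cannot introduce arbitrary gids.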