Sudarshan Soma wrote: > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? My impression is that while this might be theoretically possible, nobody does this. Especially it's not clear to me how you would push group membership to the system. And AFAICS in case of TACACS+ there's also only a single "role" available (translate this to single group). So the usual answer is: Use LDAP. > We wanted to enable RADIUS/TACACS Authentication using PAM and enabling PAM > in sshd. You could implement password authc for sshd (to be on-topic here) via pam_radius and let LDAP serve the NSS part. Not sure whether it's worth the effort though. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev