Re: SSHD and PAM

Hi,

On Wed, Jan 03, 2018 at 04:03:39PM +0100, Michael Ströder wrote:
> Sudarshan Soma wrote:
> > Does sssd/NSS have a way to fetch user names from sources like
> > RADIUS/TACACS server?
> My impression is that while this might be theoretically possible, nobody
> does this. Especially it's not clear to me how you would push group
> membership to the system. And AFAICS in case of TACACS+ there's also
> only a single "role" available (translate this to single group).

Just for the sake of completeness:  TACACS+ can return arbitrary
key-value pairs, so you can build whatever authorization / grouping 
scheme on top of TACACS+ that you want.

Not sure anyone has done that before, so this advice is still valid:

> So the usual answer is: Use LDAP.

... as more people have done it, thus more software supports it, and
things are more likely to "just work".

gert
-- 
now what should I write here...

Gert Doering - Munich, Germany                             gert@xxxxxxxxxxxxxx


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
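
The key-value pairs mentioned in the message above travel as "attr=value" (mandatory) or "attr*value" (optional) arguments in the TACACS+ authorization REPLY body (RFC 8907). The following is an added example, not code from the thread or from any project named in it: it parses an already de-obfuscated REPLY body and maps a site-defined attribute to local groups, failing closed on any non-PASS status. The attribute name "groups", the allowlist and the helper build_reply are assumptions made for illustration, and the sample body is constructed.

```python
import struct

# Authorization status codes (RFC 8907); anything else is treated as a denial.
PASS_ADD, PASS_REPL, FAIL = 0x01, 0x02, 0x10
# Assumptions for illustration: the attribute name and the group allowlist.
GROUP_ATTR = "groups"
ALLOWED_GROUPS = {"netops", "netadmin", "audit"}


def parse_author_reply(body: bytes):
    """Parse a de-obfuscated authorization REPLY body into (status, pairs)."""
    if len(body) < 6:
        raise ValueError("short header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len
    if len(arg_lens) != arg_cnt or pos + sum(arg_lens) != len(body):
        raise ValueError("length fields do not match body size")
    pairs = []
    for n in arg_lens:
        arg = body[pos:pos + n].decode("ascii")
        pos += n
        # First '=' (mandatory) or '*' (optional) splits name from value.
        idx = min((i for i in (arg.find("="), arg.find("*")) if i > 0), default=-1)
        if idx < 0:
            raise ValueError(f"malformed argument {arg!r}")
        pairs.append((arg[:idx], arg[idx + 1:], arg[idx] == "="))
    return status, pairs


def groups_from_reply(body: bytes):
    """Fail closed: only a PASS status yields groups, and only allowlisted ones."""
    status, pairs = parse_author_reply(body)
    if status not in (PASS_ADD, PASS_REPL):
        return set()
    groups = set()
    for attr, value, _mandatory in pairs:
        if attr == GROUP_ATTR:
            groups |= {g for g in value.split(",") if g in ALLOWED_GROUPS}
    return groups


def build_reply(status, args):
    """Build a constructed sample body (empty server_msg and data)."""
    enc = [a.encode("ascii") for a in args]
    return struct.pack("!BBHH", status, len(enc), 0, 0) + bytes(map(len, enc)) + b"".join(enc)


SAMPLE = build_reply(PASS_ADD, ["priv-lvl=15", "groups=netops,wheel", "note*constructed"])
print(sorted(groups_from_reply(SAMPLE)))
```

The allowlist is what keeps a server-supplied value such as "wheel" from becoming local group membership unless the host's own policy names it.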
