Thanks so much for the inputs. Yes, let me try to use NSS for getting just the username and keep RADIUS/TACACS server to authenticate.

Regards,
Ivan.

On Wed, Jan 3, 2018 at 8:50 PM, Gert Doering <gert@xxxxxxxxxxxxxx> wrote:

> Hi,
>
> On Wed, Jan 03, 2018 at 04:03:39PM +0100, Michael Ströder wrote:
> > Sudarshan Soma wrote:
> > > Does sssd/NSS have a way to fetch user names from sources like
> > > RADIUS/TACACS server?
> > My impression is that while this might be theoretically possible, nobody
> > does this. Especially it's not clear to me how you would push group
> > membership to the system. And AFAICS in case of TACACS+ there's also
> > only a single "role" available (translate this to single group).
>
> Just for the sake of completeness: TACACS+ can return arbitrary
> key-value pairs, so you can build whatever authorization / grouping
> scheme on top of TACACS+ that you want.
>
> Not sure anyone has done that before, so this advice is still valid:
>
> > So the usual answer is: Use LDAP.
>
> ... as more people have done it, thus more software supports it, and
> things are more likely to "just work".
>
> gert
> --
> now what should I write here...
>
> Gert Doering - Munich, Germany
> gert@xxxxxxxxxxxxxx
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev