Re: SSHD and PAM

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Thanks so much for the inputs. Yes Let me try to use NSS for getting just
the username and keep RADIUS/TACACS server to authenticate.


Regards,
Ivan.

On Wed, Jan 3, 2018 at 8:50 PM, Gert Doering <gert@xxxxxxxxxxxxxx> wrote:

> Hi,
>
> On Wed, Jan 03, 2018 at 04:03:39PM +0100, Michael Ströder wrote:
> > Sudarshan Soma wrote:
> > > Does sssd/NSS has  a way to fetch user names from sources like
> > > RADIUS/TACACS  server?
> > My impression is that while this might be theoretically possible, nobody
> > does this. Especially it's not clear to me how you would push group
> > membership to the system. And AFAICS in case of TACACS+ there's also
> > only a single "role" available (translate this to single group).
>
> Just for the sake of completeness:  TACACS+ can return arbitrary
> key-value pairs, so you can build whatever authorization / grouping
> scheme on top of TACACS+ that you want.
>
> Not sure anyone has done that before, so this advice is still valid:
>
> > So the usual answer is: Use LDAP.
>
> ... as more people have done it, thus more software supports it, and
> things are more likely to "just work".
>
> gert
> --
> now what should I write here...
>
> Gert Doering - Munich, Germany
> gert@xxxxxxxxxxxxxx
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux