I'm kind of a newbie in many ways. please bare with me. No matter how many times I read the documentation I am not understanding which pam client function should be used to fetch credentials, such as a list of user groups. is that sort of thing accomplished with pam? I get the feeling that something similar happens with pam_set_cred() but I don't want the process's credentials set... I just want to get the description of credentials. that's the basic problem. read on if you want to know the full story. I'm building something that will run on a box that has no users. the box needs to collect authentication info from a connecting user and modify other daemons/whatnot on the box based on how the user is authenticated. I have to be able to collect group information and maybe other types of credentials in a way that is consistent with the method I'm using for authentication. so when, for example, I'm using an NT server to authenticate users I have to collect user groups from the NT server they're authenticating to. Another example... I've made a simple pam module that authenticates a user against a CRYPTOCard server. (as far as I can tell the cryptocard module does not connect to a server but instead implements a server and has a local user database, is that right?) Part of the API I'm working with allows me to fetch the group name from the server that the authenticated user is a part of. I don't know where in the pam module I should use that functionality. on a side note, I don't understand why this isn't the norm. all the modules I've looked at seem to be able to authenticate using remote servers but are not capable of using the credentials from the same remote source. this newbie could be wrong. pam_smb for instance doesn't mess with domain or local nt groups.... the authenticating user must have a local account if group info is desired. Thanks for any input, - Ben
