On Mon, 15 Oct 2001, Mike Papper wrote: > Can I use PAM to get a list of groups, a list of users and a list of groups > that a particular user is a member of? Looking at the API, it seems all I > can do really is login a user. Also, I dont want to have to start a session > with a user or autrhenticate them, I just want alist of their groups. Your mixing up a few things. Authenticating doesn't really have anything to do with groups, groups are a property of a user. getgrent() is the function you're looking for. In case that /etc/nsswitch uses something else (ldap, NIS) for group lookups, it returns the list the server (service) gives it. (that is, if I remember correctly) > What I want to do is use a PAM interface to manage "all" known users and > groups. Then I will plug-in various authentication servers to become useful > for various systems. PAM is meant for authenticating, not doing the kind of group magic you want. > In particular I would like to plug-in the winbind > module into PAM and automagically get a list of users and gropups from the > NT PDC. Then I'd like ot plug-in an LDAP module to get a list of users and > groups from LDAP and from Microsoft ADSI (which suppoerts an LDAP > interface). > > Am I dreaming here? > > Has anyone whos tried to do the same thing had any luck talking straight to > a NT PDC using any samba API or talking to a winbind daemon? We are Microsoft Free (tm) here, so I've to say no. You might want to look at the ldap_nss stuff, it does what you want only for use with an LDAP server. With PAM you're looking at the wrong stuff IMHO. regarding the PDC and winbind (what is that ??) you might want to ask the Samba guys, they dream that kind of stuff :) > Mike Papper > mike@digitalpipe.net Igmar