On Thu, 13 Feb 2003, JC Ferguson wrote:

> > Do you really need *every* user to have shell access?
>
> yes, but not to the traditional shell, but rather a captive program.

In which case telnetd is the wrong solution.

If all you want is for the users to have radius authenticated access to a specific program without requiring any system account then a simple wrapper listening to the port, authenticating the user and then forking the process would seem a better solution.

> problem is, if you support RADIUS, local login, LDAP, etc., you
> effectively have many databases containing user credentials. the
> restriction requiring a shell means that each time an admin person adds
> a user to RADIUS, they need to add a user to /etc/passwd. If they
> don't, you cannot log in. Maybe this becomes a hard requirement, but it
> seems ugly. One idea would be to map a set of RADIUS users to an
> /etc/passwd user, provided you don't care about priv. separation with
> different UIDs.

You could certainly do that. I'm not aware of any nss_radius type solution but it should be possible to write one without too much difficulty.

Jason Clifford
--
UKFSN.ORG Finance Free Software while you surf the 'net
http://www.ukfsn.org/ Sign Up Now
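The wrapper described in the reply above, as an added example that is not code from the thread: it listens on a port, authenticates the peer, and runs one fixed captive program under a single shared account instead of a per-user shell. The `authenticate` callable is a hypothetical hook where a RADIUS client check would be plugged in; `account`, `CAPTIVE_USER` and the function names are likewise assumptions.

```python
import os, pwd, signal, socket, subprocess
MAX_LINE = 128  # cap on the username/password length accepted from the peer

def ask(conn, prompt):
    """Prompt, then read one line a byte at a time so the program's input stays unread."""
    conn.sendall(prompt)
    buf = b""
    while len(buf) <= MAX_LINE:
        ch = conn.recv(1)
        if ch in (b"", b"\n"):
            return buf.rstrip(b"\r").decode("utf-8", "replace")
        buf += ch
    raise ValueError("line too long")

def demote(account):  # pre-exec hook: drop root to the one shared account
    pw = pwd.getpwnam(account)
    def hook():
        os.setgroups([])
        os.setgid(pw.pw_gid)
        os.setuid(pw.pw_uid)
    return hook

def handle(conn, authenticate, argv, account=None):
    """Authenticate one connection; on success run the captive program on it."""
    with conn:
        try:
            user = ask(conn, b"login: ")
            password = ask(conn, b"password: ")
            if not user or not authenticate(user, password):
                conn.sendall(b"access denied\n")
                return False
            # Fixed argv, no shell, minimal env: the peer picks nothing that is executed.
            subprocess.run(argv, stdin=conn, stdout=conn, stderr=conn,
                           env={"PATH": "/usr/bin:/bin", "CAPTIVE_USER": user},
                           preexec_fn=demote(account) if account else None)
            return True
        except (ValueError, OSError, subprocess.SubprocessError):
            return False

def serve(port, authenticate, argv, account=None):
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)  # parent never collects zombies
    with socket.create_server(("", port)) as srv:
        while True:
            conn, _ = srv.accept()
            if os.fork() == 0:  # one child per session
                signal.signal(signal.SIGCHLD, signal.SIG_DFL)
                handle(conn, authenticate, argv, account)
                os._exit(0)
            conn.close()
```

Passing `account` requires the wrapper to start as root, and every authenticated user then shares that UID, which is the loss of privilege separation the quoted message mentions. Like telnetd, the wrapper carries the password in clear text unless the connection is tunnelled.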