A couple of questions came up regarding my pam_netgroups module, which I will try to answer:

1) LDAP support. pam_netgroups knows nothing about LDAP (and I confess, I am not terribly strong on it either). However, all accesses to standard Unix passwd/group files go through getpwnam or getgrnam, and so if the LDAP groups/user info is accessible using NSS and these routines, it should work with pam_netgroups.

2) Support for all info in the command line (i.e. no access file required): This is currently unsupported, but if there is interest I can see about adding it. The suggested

    access=@xxxxxxxxxx deny=@xxxxxxxxxxx

does not seem feasible, as I believe it would require major changes to the input flow, plus it at least sounds like it is changing the logic. I could probably manage something like

    list="-@xxxxxxxxxxx;+@xxxxxxxxxx"

which would function identically to file=somefile where somefile contains

    -@xxxxxxxxxxx
    +@xxxxxxxxxx

(note that the reverse order

    +@xxxxxxxxxx
    -@xxxxxxxxxxx

is equivalent to the plain +@xxxxxxxxxx unless there are lines following the badNetgroup entry).

I do not have an ETA on when a beta for this change will be available --- it depends on whether it can be done as a real quick patch or actually requires more than a couple of lines of change. I haven't looked at the code for a while. And I thought I bloated it out with enough parameters to keep anyone happy :)

3) In looking things over, I found a bug in the docs (talking about ampersands (&) not at signs (@) for indicating groups). The at sign (@) is the correct group designator; I must have been tired when I typed up the docs. This will be fixed shortly.

Tom Payerle
Dept of Physics                 payerle@xxxxxxxxxxxxxxx
University of Maryland          (301) 405-6973
College Park, MD 20742-4111     Fax: (301) 314-9525

_______________________________________________
Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list
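The ordering note in item 2, worked through as an added example that is not part of the original message and is not pam_netgroups code: a small evaluator for a `list="..."` style string, showing why a deny entry placed after the allow entry has no effect. It assumes first-match-wins with default deny (inferred from the note above); `check_list`, `in_netgroup`, the netgroup name `goodNetgroup` and the membership table are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed membership table; a live system could ask NSS via innetgr(3). */
struct member { const char *netgroup, *user; };
static const struct member TABLE[] = {
    { "goodNetgroup", "alice" },
    { "goodNetgroup", "mallory" },
    { "badNetgroup",  "mallory" },
};

static int in_netgroup(const char *netgroup, const char *user)
{
    for (size_t i = 0; i < sizeof TABLE / sizeof TABLE[0]; i++)
        if (!strcmp(TABLE[i].netgroup, netgroup) && !strcmp(TABLE[i].user, user))
            return 1;
    return 0;
}

/* Evaluate a ';'-separated list such as "-@bad;+@good" (hypothetical syntax).
 * Assumed semantics: the first matching entry decides, no match means deny.
 * Returns 1 = allow, 0 = deny, -1 = malformed entry (caller should deny). */
int check_list(const char *list, const char *user)
{
    while (*list) {
        size_t len = strcspn(list, ";");   /* length of the current entry */
        char name[64];
        if (len < 3 || len - 2 >= sizeof name ||
            (list[0] != '+' && list[0] != '-') || list[1] != '@')
            return -1;                     /* fail closed on bad syntax */
        memcpy(name, list + 2, len - 2);
        name[len - 2] = '\0';
        if (in_netgroup(name, user))
            return list[0] == '+';         /* first match wins */
        list += len + (list[len] == ';');  /* step over the separator */
    }
    return 0;                              /* default deny */
}

int main(void)
{
    const char *lists[] = { "-@badNetgroup;+@goodNetgroup",
                            "+@goodNetgroup;-@badNetgroup" };
    const char *users[] = { "alice", "mallory", "bob" };
    for (int l = 0; l < 2; l++)
        for (int u = 0; u < 3; u++)
            printf("%-30s %-8s -> %d\n", lists[l], users[u],
                   check_list(lists[l], users[u]));
    return 0;
}
```

With the constructed table, `mallory` is in both netgroups, so only the deny-first ordering keeps that account out.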