Hello,

I am about to extend an application to support PAM. I have worked with PAM before as a system administrator, a module programmer and as an application programmer. However, the application I am going to extend is using a somewhat advanced authentication scheme which I am not sure how to support in PAM. I would very much like to be corrected.

Here's the deal. A user is authenticated using a username and a password when the user logs on. When authenticated the user can use most of the functions presented in the program. Certain functions require, say, administrator rights. Other functions require Advanced Operator rights.

The above is a description of a trivial group design - a user can belong to one or more groups. The above scheme works well using the /etc/passwd and /etc/group files - "manual" parsing is done. But how do I expand this scheme to use, say, LDAP or a SQL database?

The code is written mostly in Java. I've created a JNI interface which, when given a username and password, returns true for authenticated and false for rejected. I am unsure how to test for the group membership - I guess it is fairly trivial if the group info is stored locally (I can probably use the pam_group module for that), but how should I do it if the group info is stored in an LDAP or SQL database?

I really feel that I am missing something pretty obvious here! (Perhaps I've been looking too deep into C, Java and JNI to focus on the capabilities of PAM ... :-)

Kind regards,
Brian

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list