Re: PAM: How to test non-local group membership (LDAP, SQL, ...)?

On Sunday 10 June 2007 17:30:27 Brian Schau wrote:
> trivial if the group info is stored locally (I can probably use the
> pam_group module for that), but how should I do it if the group info is
> stored in an LDAP or SQL database?
>
> I really feel that I am missing something pretty obvious here!
> (Perhaps I've been looking too deep into c, java and jni to focus on the
> capabilities of PAM ... :-)

You should use the (g)libc functions to determine group membership. You don't 
have to know if the user database is in sql, ldap, db, etc.

Those functions will transparently search those databases if the machine has a 
correctly configured /etc/nsswitch.conf file + the database modules. It's 
transparent for your application. Which means the way you are doing it now, 
manually parsing the /etc/group file, is wrong. You should be using those 
functions from the start.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
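
Added example, not part of the original message or of any PAM module: a membership test built on the libc lookup functions the reply recommends, so the answer comes from whichever backends /etc/nsswitch.conf lists (files, LDAP, SQL, ...). It assumes Linux with glibc; the helper name user_in_group and its return convention are hypothetical.

```c
/* Added example: NSS-backed group membership test (Linux/glibc assumed). */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes getgrouplist() in <grp.h> */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical helper: 1 = member, 0 = not a member, -1 = lookup failed.
 * A failed lookup is reported separately so the caller can deny access
 * when the directory is unreachable instead of guessing. */
int user_in_group(const char *user, const char *group)
{
    struct passwd *pw = getpwnam(user);   /* "passwd" line of nsswitch.conf */
    if (pw == NULL)
        return -1;
    gid_t primary = pw->pw_gid;           /* copy: static buffer may be reused */

    struct group *gr = getgrnam(group);   /* "group" line of nsswitch.conf */
    if (gr == NULL)
        return -1;
    gid_t wanted = gr->gr_gid;

    int n = 32;
    gid_t *gids = malloc(n * sizeof *gids);
    if (gids == NULL)
        return -1;
    /* On a too-small buffer getgrouplist() returns -1 and sets n to the needed count. */
    if (getgrouplist(user, primary, gids, &n) == -1) {
        gid_t *bigger = realloc(gids, n * sizeof *gids);
        if (bigger == NULL) { free(gids); return -1; }
        gids = bigger;
        if (getgrouplist(user, primary, gids, &n) == -1) { free(gids); return -1; }
    }
    int found = 0;
    for (int i = 0; i < n && !found; i++)  /* list includes the primary group */
        found = (gids[i] == wanted);
    free(gids);
    return found;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s USER GROUP\n", argv[0]); return 2; }
    int r = user_in_group(argv[1], argv[2]);
    printf("%s\n", r == 1 ? "member" : r == 0 ? "not a member" : "lookup failed");
    return r == 1 ? 0 : 1;
}
```

getgrouplist() is used rather than walking gr_mem from getgrnam() because it also covers the user's primary group, which usually does not appear in the group's member list.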
