Quoting Jason Gerfen <jason.gerfen@xxxxxxxxxxxx>:
I modified the original pam_krb5 module to do something similar to this, here is a brief list of features:
- Performs standard KRB TGT process
- If valid TGT received from KDC check for local account
- If no local account already present it performs an AD/LDAP query (no authentication against LDAP)
- Then creates a passwordless local account for the user as well as home directory
Interesting. I'll take a look at the account creation portion of it.
A lot of people do the opposite by modifications to the PAM stack to use the nss_ldap to enumerate accounts.
This is not possible with RADIUS, since it can't enumerate users - only authenticate them.