differentiating between domain and local users

I am using Linux-PAM-0.99.3.0

1) Currently, when I call pam_authenticate(), it authenticates the domain user when we set PAM_USERNAME as "DOMAINNAME\username" or simply "username".
Is there any way to make pam_authenticate() authenticate domain users only when PAM_USERNAME is set in the format "DOMAINNAME\username"?

2) I need the above requirement because in my application I need to differentiate between two users who have the same user name: one of them is a local Linux machine user, while the other belongs to an Active Directory domain. When I set PAM_USERNAME in the format where no domain string is prefixed, pam_authenticate() succeeds with both passwords (i.e. the password for the domain user and the password for the local user).
I want, in this particular case, the authentication to succeed only with the local user's password and not with the domain password.


Is the behaviour mentioned in point 1) as expected? If so, how can I achieve the requirement mentioned in point 2)?

Below is the PAM configuration file for my application:
#%PAM-1.0
# Section 1:
# To enable authentication of local users only
# - comment out all the lines in section 2
# - uncomment the following 3 lines:
# auth required /lib/security/pam_stack.so service=netatalk-auth
# account required /lib/security/pam_stack.so service=netatalk-auth
# session required /lib/security/pam_stack.so service=netatalk-auth
# Section 2:
# Note: domain username must be entered as <domainname>\<username>
# To enable authentication of both local and domain users:
# - comment out all the lines in section 1, and
# - uncomment the following lines:
#
auth sufficient /lib/security/pam_unix.so nullok
auth sufficient /lib/security/pam_winbind.so use_first_pass
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_deny.so
### account sufficient /lib/security/pam_succeed_if.so uid < 100
account required /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/pam_winbind.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
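
One application-side way to get the behaviour asked for in point 2, as an added example that is not part of the original post or of Linux-PAM: pick the PAM service from the shape of the name before calling pam_start(), so an unqualified name only reaches a stack that lists pam_unix.so and a DOMAIN\user name only reaches one that lists pam_winbind.so. The service names `myapp-local` and `myapp-domain` and the functions `classify_login` and `pam_service_for` are hypothetical; the backslash separator is the one the post uses.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical service names: each would be its own PAM service file,
 * one listing only pam_unix.so, the other only pam_winbind.so. */
#define SVC_LOCAL  "myapp-local"
#define SVC_DOMAIN "myapp-domain"

enum name_kind { NAME_INVALID, NAME_LOCAL, NAME_DOMAIN };

/* Classify a login name by shape alone, before any PAM call.
 * No separator: local. Exactly one separator with text on both sides:
 * domain. Anything else (empty part, second separator) is rejected so
 * an odd name cannot fall through to the other backend. */
enum name_kind classify_login(const char *name, char sep)
{
    const char *p;

    if (name == NULL || *name == '\0')
        return NAME_INVALID;
    p = strchr(name, sep);
    if (p == NULL)
        return NAME_LOCAL;
    if (p == name || p[1] == '\0')      /* empty domain or empty user */
        return NAME_INVALID;
    if (strchr(p + 1, sep) != NULL)     /* more than one separator */
        return NAME_INVALID;
    return NAME_DOMAIN;
}

/* Service name to hand to pam_start(), or NULL to refuse the login. */
const char *pam_service_for(const char *name, char sep)
{
    switch (classify_login(name, sep)) {
    case NAME_LOCAL:  return SVC_LOCAL;
    case NAME_DOMAIN: return SVC_DOMAIN;
    default:          return NULL;
    }
}

int main(void)
{
    /* Constructed sample names, not taken from the post. */
    const char *names[] = { "alice", "CORP\\alice", "\\alice", "CORP\\" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const char *svc = pam_service_for(names[i], '\\');
        printf("%-12s -> %s\n", names[i], svc ? svc : "(rejected)");
    }
    return 0;
}
```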