RE: Set new UID/GID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


> What are you trying to acheive?

In my Linux systems the authentication policy for SSH connections checks first a RADIUS server for user/password and if the RADIUS server is not available then it checks a local account (possibly with other user name).

If the user is authenticated by RADIUS (with MS-CHAPv2) it must receive some UID/GIDs that are not the same as from the local account.

The password change policy is:
-	If RADIUS is available and it requires a password change then the password should be updated on RADIUS and locally.
-	If RADIUS is not available no password change is allowed locally

We have also a second scenario for which some users are defined exclusively on RADIUS. Meaning that there is no local Linux account (or if this is not technically possible, the corresponding accounts are disabled somehow).

Thank you

-----Original Message-----
From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Martin
Sent: jeudi 22 juillet 2010 23:44
To: pam-list@xxxxxxxxxx
Subject: Re: Set new UID/GID

> > Hello all,
> >  
> > I want to write a PAM module that authenticates SSH users without 
> > using /etc/passwd. For granting a GID I found the "pam_group"
> > module.
> >  
> > There is any available PAM module that allows setting a specific UID 
> > not listed in /etc/passwd?
> >  
There are two seperate tasks here, the first is authentication and the second is user information.  With the (very) old password system they used to be the same thing, however they are now (rightly) separate.  PAM deals with the authentication part, NSS deals with user information such as UID, etc.

What are you trying to acheive?  It may be that LDAP will do what you want.

 - Martin

Pam-list mailing list

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux