RE: Set new UID/GID

Hello,


maybe nss_updatedb and pam_ccreds could help here.

You can get the modules over at http://www.padl.com

I didn't test these modules against anything other than ldap so this
might not work in your setup...

Marc

On Friday, 23.07.2010, at 08:55 +0200, ABULIUS, MUGUR (MUGUR) wrote:
> > What are you trying to achieve?
> 
> In my Linux systems the authentication policy for SSH connections checks first a RADIUS server for user/password and if the RADIUS server is not available then it checks a local account (possibly with other user name).
> 
> If the user is authenticated by RADIUS (with MS-CHAPv2) it must receive some UID/GIDs that are not the same as from the local account.
> 
> The password change policy is:
> - If RADIUS is available and it requires a password change then the password should be updated on RADIUS and locally.
> - If RADIUS is not available no password change is allowed locally
> 
> We have also a second scenario for which some users are defined exclusively on RADIUS. Meaning that there is no local Linux account (or if this is not technically possible, the corresponding accounts are disabled somehow).
> 
> Thank you
> Mugur
> 
> -----Original Message-----
> From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Martin
> Sent: Thursday, 22 July 2010 23:44
> To: pam-list@xxxxxxxxxx
> Subject: Re: Set new UID/GID
> 
> <snip>
> > > Hello all,
> > >  
> > > I want to write a PAM module that authenticates SSH users without 
> > > using /etc/passwd. For granting a GID I found the "pam_group"
> > > module.
> > >  
> > > Is there any available PAM module that allows setting a specific UID 
> > > not listed in /etc/passwd?
> > >  
> There are two separate tasks here, the first is authentication and the second is user information.  With the (very) old password system they used to be the same thing, however they are now (rightly) separate.  PAM deals with the authentication part, NSS deals with user information such as UID, etc.
> 
> What are you trying to achieve?  It may be that LDAP will do what you want.
> 
> Cheers,
>  - Martin
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
> 
-- 
Kind regards,


Marc - A. Dahlhaus
Administration

Westermann GmbH                 Tel: 04252 399 87
Am Gaswerk 3                    Fax: 04252 399 45
27305 Bruchhausen-Vilsen        Mail: mad@xxxxxx

Managing Director: Hermann Westermann
Commercial register: Walsrode, HRB 110518
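
The split described in the quoted reply (PAM authenticates, NSS supplies the UID/GID), as an added example that is not part of the original thread: a login service resolves the account with a getpwnam-style NSS lookup, so a user authenticated by RADIUS still needs an NSS source that returns its IDs. The function name `resolve_ids()` and the default user `root` are assumptions made for this sketch.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Resolve a user name to UID/GID through NSS, i.e. through whatever sources
 * the "passwd:" line of /etc/nsswitch.conf lists (files, ldap, db, ...).
 * Returns 0 on success, -1 if no source knows the user or the lookup failed.
 * resolve_ids() is a name made up for this example. */
int resolve_ids(const char *user, uid_t *uid, gid_t *gid)
{
    struct passwd pw, *result = NULL;
    size_t len = 256;
    char *buf = NULL;
    int rc;

    for (;;) {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return -1; }
        buf = tmp;
        rc = getpwnam_r(user, &pw, buf, len, &result);
        if (rc != ERANGE)
            break;                      /* success, not found, or hard error */
        if (len > (1u << 20)) { free(buf); return -1; }
        len *= 2;                       /* entry did not fit: retry with a larger buffer */
    }
    /* "Not found" is rc == 0 with result == NULL on glibc; treat errors alike. */
    if (rc != 0 || result == NULL) { free(buf); return -1; }
    *uid = result->pw_uid;
    *gid = result->pw_gid;
    free(buf);
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";
    uid_t uid;
    gid_t gid;

    if (resolve_ids(user, &uid, &gid) != 0) {
        /* A successful PAM authentication does not change this outcome. */
        printf("%s: no NSS source returns a UID/GID for this name\n", user);
        return 1;
    }
    printf("%s: uid=%lu gid=%lu\n", user, (unsigned long)uid, (unsigned long)gid);
    return 0;
}
```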


