On 26-07-11 02:34, Gary Algier wrote:
> On Jul 25, 2011, at 17:24, Tim Nowaczyk <tan7f@xxxxxxxxxxxx> wrote:
>
>>
>> On Jul 25, 2011, at 5:04 PM, Frank Van Damme wrote:
>>> So they each use their own methods like grepping /etc/passwd, doing
>>> ldap lookups, or whatever it takes to come up with a shell - like
>>> "nothing" in the case of obscure authentication methods that the
>>> application happens to know nothing about?
>>>
>> This is out of scope for the pam list, but you should know that you can simply call getpwnam so you don't have to grep /etc/passwd. Many large installations don't even have most of their users in /etc/passwd, but use NIS or LDAP instead. getpwnam uses NSS to get all the users/passwords/groups. Your initial feature request might be able to be implemented by writing a custom NSS module. [1]
>>
>> Cheers,
>> Tim Nowaczyk
>>
>> [1] http://www.gnu.org/s/hello/manual/libc/Extending-NSS.html#Extending-NSS
>
> Actually this is already handled in most NIS and some LDAP implementations using a syntax like:
> +@group::::::/bin/myshell (I may be off on the number of colons).
> in the /etc/passwd file. Read the docs for your platform's passwd
> file syntax and the nsswitch.conf file. Solaris can do this, your
> mileage may vary.
>
> Fat fingered from my iPad -- miscorrections happen.

Oh, so it's nss providing that info. You got the number of colons right, by the way - the syntax details about /etc/passwd can be found in nsswitch.conf's man page (...). So for the googler: specify "compat" as a service to "passwd" in /etc/nsswitch.conf, and "ldap" as a service to "passwd_compat".

I set it up now with passwd/group/shadow_compat set to "ldap" and putting a plus in /etc/passwd works, +user works, but +@groupname does not. I don't get the group's members as output in "getent passwd", even if the group is a local group.
-- No part of this copyright message may be reproduced, read or seen, dead or alive or by any means, including but not limited to telepathy without the benevolence of the author.
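The compat-mode entry forms discussed in this thread (`+`, `+user`, `+@name` with a shell override), as an added example that is not part of the original posts: a small audit script that classifies each line of a passwd file and reports which fields an entry tries to override. The nsswitch.conf(5) description of compat mode defines the `+@name` form as naming a netgroup, so the script labels it that way; the sample file contents and all user and netgroup names are constructed for illustration.

```python
# Added example: classify compat-mode entries in a passwd file.
# SAMPLE is constructed for illustration; every name in it is hypothetical.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
+alice::::::
+@staff::::::/bin/myshell
-mallory
+::::::/sbin/nologin
"""

FIELDS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")

def classify(line):
    """Return (kind, subject, overrides) for one passwd line."""
    parts = line.rstrip("\n").split(":")
    parts += [""] * (len(FIELDS) - len(parts))  # short forms like "-mallory"
    name = parts[0]
    if not name or name[0] not in "+-":
        return ("local", name, {})
    action = "include" if name[0] == "+" else "exclude"
    rest = name[1:]
    if rest.startswith("@"):
        kind, subject = action + "-netgroup", rest[1:]
    elif rest:
        kind, subject = action + "-user", rest
    else:
        # A bare "+" pulls in every remaining user; a bare "-" means nothing.
        kind, subject = ("include-all" if name == "+" else "invalid"), ""
    # Non-empty fields after the name are overrides requested for matching
    # users; which of them are honoured depends on the platform.
    overrides = {f: v for f, v in zip(FIELDS[1:], parts[1:7]) if v}
    return (kind, subject, overrides)

def audit(text):
    """Classify every non-blank, non-comment line of a passwd file."""
    return [classify(l) for l in text.splitlines()
            if l.strip() and not l.startswith("#")]

if __name__ == "__main__":
    for kind, subject, overrides in audit(SAMPLE):
        print(f"{kind:18} {subject or '*':10} {overrides}")
```

Running it against a real /etc/passwd shows at a glance which accounts come from the compat source and which of them get a forced shell.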