I have a patch you could use that implements additional configuration settings to the krb5.conf, provides an optional compile switch for the existing pam_krb5 (--with-ldap), and specifically addresses the UID/GID mapping of remote users by creating a password-less local account (similar to caching mechanisms) for Active Directory/OpenLDAP users. Of course the necessary POSIX account schema attributes per RFC 2307 (http://www.ietf.org/rfc/rfc2307.txt) are required within the directory service you wish to use for the UID, GID, HomeDirectory & DefaultShell account requirements but it should suit your needs. Here is the patch: https://github.com/jas-/pam_krb5-ldap Here is the original pam_krb5 provided by RedHat: https://fedorahosted.org/pam_krb5/ Here is additional documentation on the project to help with patching, compiling, installing and configuring (this might be slightly outdated): https://help.ubuntu.com/community/Alternate_Pam_Krb5LDAP_Authentication Hope that helps some. jas ________________________________________ From: pam-list-bounces@xxxxxxxxxx [pam-list-bounces@xxxxxxxxxx] On Behalf Of preet $ [preet3039@xxxxxxxxx] Sent: Thursday, August 18, 2011 9:27 AM To: Pluggable Authentication Modules Subject: Re: Hoe to get uid,gid through PAM Thanks for your reply. Preet On Thu, Aug 18, 2011 at 1:38 AM, Thorsten Kukuk <kukuk@xxxxxxx<mailto:kukuk@xxxxxxx>> wrote: On Wed, Aug 17, preet $ wrote: > Hello, > > How do I get the user credentials such as uid, eid, and gid defined in > various authentication mechanisms such as LDAP etc through PAM. Please > provide some info on that. You will not. PAM does only authenticate an user for you, nothing more. What you mean is getpwnam() and similar functions handled by NSS modules. -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx<mailto:Pam-list@xxxxxxxxxx> https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
