Note: To clarify what I am trying to do: I am trying to create an LDAP "sysgroup" posixGroup entry of which the usual (and unusual) "sysaccounts" would be members, so that I can grant the members of that "sysgroup" specific rights (declared in security/access.conf). I'm also open to suggestions :-)

-- Olivier

2012/3/13 bloguillard <blog@xxxxxxxxxxxxxxx>:
> Hello,
>
> I have configured a Red Hat box to authenticate users over an
> OpenLDAP server. "System" accounts (uid > 500) are not
> created in LDAP but are authenticated over the local password db.
>
> system-auth:
> ...
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth sufficient pam_sss.so use_first_pass
> auth required pam_deny.so
> ...
>
> My LDAP directory also contains posixGroups.
>
> I noticed that if I configure a system account locally to use
> an LDAP GID, then the user is properly registered as a member
> of this group as well as of any other groups it is a member
> of locally (declared in /etc/group).
>
> But if I declare in the local /etc/passwd a local group as the
> primary group for that user, then the user is not registered as a
> member of any LDAP group it would be "subscribed" to.
>
> QUESTION: is there any way to configure PAM to say that the
> user's group list includes the LDAP groups the user is a member of
> as well as local groups, even if the primary group of that user
> is local?
>
> Thanks
>
> ---
> Olivier

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
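A diagnostic that goes with the question above, added here as an example and not part of the original post or the list reply. The group list a process gets at login (what `id -Gn` prints) comes from the NSS initgroups path, while `getent group` just enumerates the group database and its member fields; the two can disagree, which is what the poster is seeing. The script below builds the "expected" group set for a user from passwd GID plus member fields and reports which of those names are missing from the live `id -Gn` output. The group-database lines in SAMPLE_GROUP_DB are constructed for the offline demonstration; the account `backup`, the groups `sysgroup`, `ldapadmins`, `ldapdev` and their gids are made-up names, not taken from the post.

```shell
#!/bin/sh
# Added example: compare the groups a user *should* be in, according to the merged
# group database (files + LDAP as seen through NSS), with the groups initgroups
# actually hands out (what `id -Gn` shows). Names below are constructed.

# Constructed sample in /etc/group format, as `getent group` would print it when
# nsswitch.conf has "group: files sss". Assumed: first two local, last two LDAP.
SAMPLE_GROUP_DB='root:x:0:
sysgroup:x:502:backup
ldapadmins:x:10001:backup,olivier
ldapdev:x:10002:olivier'

# members_of USER  (group-db lines on stdin)
# Print the names of groups whose member field (4th) lists USER.
members_of() {
    awk -F: -v u="$1" '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }'
}

# gid_to_name GID  (group-db lines on stdin)
# Resolve a numeric gid (the passwd primary gid) to its group name.
gid_to_name() {
    awk -F: -v g="$1" '$3 == g { print $1; exit }'
}

# expected_groups USER GID DB
# Sorted, de-duplicated union of the primary group and all supplementary
# memberships found in DB (a string of group-db lines).
expected_groups() {
    {
        printf '%s\n' "$3" | gid_to_name "$2"
        printf '%s\n' "$3" | members_of "$1"
    } | sort -u
}

# missing_groups EXPECTED ACTUAL
# EXPECTED: newline-separated names; ACTUAL: the `id -Gn` style list (space or
# newline separated). Prints each expected name that ACTUAL does not contain.
missing_groups() {
    actual=" $(printf '%s' "$2" | tr '\n' ' ') "
    printf '%s\n' "$1" | while IFS= read -r g; do
        [ -n "$g" ] || continue
        case "$actual" in
            *" $g "*) ;;
            *) printf '%s\n' "$g" ;;
        esac
    done
}

# check_user USER
# Run the comparison against the live system: primary gid from getent passwd,
# group database from getent group, actual list from id -Gn. Needs a real account.
check_user() {
    user=$1
    gid=$(getent passwd "$user" | cut -d: -f4)
    [ -n "$gid" ] || return 1
    missing_groups "$(expected_groups "$user" "$gid" "$(getent group)")" "$(id -Gn "$user")"
}

# Offline demonstration on the constructed data: `backup` has local primary gid 502
# and is listed in the assumed LDAP group ldapadmins. If a login only received
# "sysgroup", the LDAP group is the one initgroups dropped.
expected_groups backup 502 "$SAMPLE_GROUP_DB"
echo "--- missing from a session that only got 'sysgroup':"
missing_groups "$(expected_groups backup 502 "$SAMPLE_GROUP_DB")" "sysgroup"
```

On the box in question, `check_user <account>` with the real account name prints the LDAP groups that `getent group` attributes to the user but `id -Gn` does not; an empty result means NSS and the group database agree for that user. Run it twice, once with the LDAP primary GID and once with the local one, to see exactly which names disappear.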