
Re: Pam-list Digest, Vol 41, Issue 3



pam-list-request redhat com wrote:

Today's Topics:
   1. Remote user authentication (Elias)
   2. Re: Remote user authentication (Kenneth Geisshirt)



Subject: Remote user authentication
From: Elias <dilu666 gmail com>
Date: Thu, 5 Jul 2007 16:12:28 +0300
To: pam-list redhat com

Hi!

I'm Elias and I'm new to this list.

I would like to ask if there is a PAM module (or if anybody knows a method) that
can allow a user to login into a Linux system after successful authentication by
a remote server (e.g. RADIUS or TACACS+) without having an actual local account.

Any help will be appreciated :)

Cheers,



Subject: Re: Remote user authentication
From: Kenneth Geisshirt <kenneth geisshirt dk>
Date: Thu, 05 Jul 2007 15:47:54 +0200
To: Pluggable Authentication Modules <pam-list redhat com>

Quoting Elias <dilu666 gmail com>:

I would like to ask if there is a PAM module (or if anybody knows a method) that
can allow a user to login into a Linux system after successful authentication by
a remote server (e.g. RADIUS or TACACS+) without having an actual local account.

You should take a look at http://www.freeradius.org/pam_radius_auth/

/kneth

Elias,

Please remember that successful authentication alone isn't enough to log into a Linux machine.
What you need to establish a valid session is essentially:
    - uid
    - gid
    - default shell
    - home directory

All these things are provided e.g. by /etc/passwd and friends. The interface to this data
is done via glibc and the name service switch NSS (libnss modules).

A complete framework for 'foreign' login can be found in the SAMBA suite. It consists of
    - a PAM module (pam_winbind.so)
    - a NSS module (libnss_winbind.so)
    - the protocol daemon (winbindd)

When working with Microsoft ADS you may occasionally need in addition:
    - the name service daemon of the samba suite (nmbd)
    - local Kerberos support (via MIT Kerberos or Heimdal libraries)
    - enter your Linux machine into the ADS via 'net join ...'

Please look at the man pages of winbindd on how to configure the framework.
I've done this successfully several times using Debian or Novell/SUSE.

TACACS+, though working fine with libpam_tacacs.so, doesn't provide any NSS hooks
anyway, so it cannot provide a full login framework.

RADIUS is widely configurable with respect to additional options, but as far as I know, there
is also no NSS module for (Free-)RADIUS available.

Regards
Andreas

-- 
Dr.-Ing. Andreas Schindler
 
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
 
Telefon 06103-57187-21
Telefax 06103-373245
 
schindler az1 de
www.az1.de

Alpha Zero One Computersysteme GmbH, Brandeniusstr. 3, 44265 Dortmund
HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke, Joachim Carle 
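
The split described in the reply above, between what PAM authenticates and what NSS must supply for a session, can be checked per user name. The following is an added example, not code from the thread or from any of the projects named in it; the function names, the sample nsswitch.conf text and the user names are constructed for illustration.

```python
import pwd
import re
import sys

# Constructed sample: a passwd line as it might look once winbind is enabled.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:  files winbind [NOTFOUND=return]
group:   files winbind
"""

def nss_passwd_sources(nsswitch_text):
    """Return the NSS sources configured for the passwd database, in lookup order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("passwd:"):
            rest = line.split(":", 1)[1]
            rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [STATUS=ACTION] items
            return rest.split()
    return []

def account_data(name, lookup=pwd.getpwnam):
    """Ask NSS (through glibc's getpwnam) for the four items a session needs.

    `lookup` is injectable so the check can be exercised without real accounts.
    """
    try:
        entry = lookup(name)
    except KeyError:
        return None  # no configured NSS source knows this name
    return {"uid": entry.pw_uid, "gid": entry.pw_gid,
            "shell": entry.pw_shell, "home": entry.pw_dir}

def diagnose(name, nsswitch_text, lookup=pwd.getpwnam):
    """Explain whether a name that may authenticate remotely can get a session."""
    sources = nss_passwd_sources(nsswitch_text)
    data = account_data(name, lookup)
    if data is None:
        return (f"{name}: not resolved by NSS sources {sources}; a successful "
                "PAM authentication alone yields no uid/gid/shell/home")
    return (f"{name}: uid={data['uid']} gid={data['gid']} "
            f"shell={data['shell']} home={data['home']} (sources {sources})")

if __name__ == "__main__":
    # Usage: python3 check_nss.py USER [USER ...]
    with open("/etc/nsswitch.conf") as fh:
        text = fh.read()
    for user in sys.argv[1:]:
        print(diagnose(user, text))
```

A name that authenticates against RADIUS or TACACS+ but comes back "not resolved" here is the case the reply warns about: the PAM auth step passes, yet no account data exists for the login.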
