[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: PAM: How to test non-local group membership (LDAP, SQL, ...)?

From: Andreas Hasenack <ahasenack terra com br>
To: Pluggable Authentication Modules <pam-list redhat com>
Subject: Re: PAM: How to test non-local group membership (LDAP, SQL, ...)?
Date: Mon, 11 Jun 2007 09:34:26 -0300

On Mon, Jun 11, 2007 at 09:59:40AM +0200, Brian Schau wrote:
> > You should use the (g)libc functions to determine group membership. You 
> > don't have to know if the user database is in sql, ldap, db, etc.
> 
>  Ok, so if I understand you correctly I can use PAM to authenticate the
>  user (f.ex. in LDAP) and then use the libc functions to verify the group
>  membership as if that information was present locally on the server?

Yes, this second step would be in the account section.
Note that you should be doing the authentication with a database
specific module, like pam_ldap, pam_mysql, etc. Because for auth, these
users won't be in local files either.

References:
- PAM: How to test non-local group membership (LDAP, SQL, ...)?
  - From: Brian Schau
- Re: PAM: How to test non-local group membership (LDAP, SQL, ...)?
  - From: Andreas Hasenack
- Re: PAM: How to test non-local group membership (LDAP, SQL, ...)?
  - From: Brian Schau

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]