Re: Automatic account creation after authentication

[Fabio Pedretti <fabio pedretti ing unibs it>]

Citando Jason Gerfen <jason gerfen scl utah edu>:

> I modified the original pam_krb5 module to do something similar to this,
> here is a brief list of features:
>
> - Performs standard KRB TGT process
> - If valid TGT received from KDC check for local account
> - If no local account already present it performs a AD/LDAP query (no
> authentication against LDAP)
> - Then creates a passwordless local account for the user as well as home
> directory

Interesting. I'll take a look at the account creation portion of it.

> A lot of people do the opposite by modifications to the PAM stack to use
> the nss_ldap to enumerate accounts.

This is not possible with RADIUS, since it can't enumerate users - only authenticate them.