[Freeipa-users] Query IPA for group membership

Fred van Zwieten fvzwieten at vxcompany.com
Fri Oct 5 17:36:53 UTC 2012


Hello,

I have an IPA server running. This server has users who are members of
various groups. I want to query the IPA server from an IPA client to know
whether a user is a member of a group.

I want to do this from the OpenVPN service using the openvpn_auth_pam.so.
Normally one uses this like this:

openvpn_auth_pam.so login

This queries the PAM login (and thus IPA) if the username/password from
openvpn is valid. The "login" is /etc/pam.d/login. OpenVPN docs say you
could use other modules instead of login.

So, I would like to add the next line:

openvpn_auth_pam.so group <username> "openvpn"

Where a /etc/pam.d/group file would check whether the user is a member of the
group "openvpn". If not, false is returned and the login attempt (through
openvpn) fails.

Is this possible? If not, is there a better way?

Fred