group handling

[Joe Lewis]

Duke wrote:

>Anywho, I'm just curious how pam handles groups.  I wanted to store
>group information in a pgsql database as well.  For example, if I login
>as a user whose login info is all stored in a database (including group
>info), when I type "ls" in a shell, how is the information retrieved
>that associates user ID and group ID with their names?  Is all that info
>retrieved by pam_login?
>
No. Looking up a user or group ID occurs using the built in system calls 
getpwent(), or libnss. It is not handled by PAM. I had it stored in a 
MySQL database, so it is possible. You just need the proper tools.

>But then what about a user whose login info is not stored in a db?  Like
>root - if I'm logged in as root and am listing files whose uid/gid are
>stored in a database, how are their names retrieved?
>
In the same fashion. nss uses different methods for looking details up 
(such as home). These can be files, nis, etc., or specialized drivers 
such as pgsql or MySQL. PAM is short for Pluggable Authentication 
Modules and only handles the authentication (logging in) of users.

>What I'm going to eventually have is a system using a combination of
>unix login (/etc/[passwd,group]) and a postgresql database.  Anyone else
>using combined login storage systems?
>
It becomes very easy using PAM (for the Authentication side of things) 
and libNSS (for the account properties side of things).

>Thanks!
>  
>
No problem.

Thcau!
Joe