Set new UID/GID

Marc - A. Dahlhaus mad at wol.de
Fri Jul 23 10:37:20 UTC 2010 

Hello,


maybe nss_updatedb and pam_ccreds could help here.

You can get the modules over at http://www.padl.com

I didn't test this modules against anything other than ldap so this
might not work in your setup...

Marc

Am Freitag, den 23.07.2010, 08:55 +0200 schrieb ABULIUS, MUGUR (MUGUR):
> > What are you trying to acheive?
> 
> In my Linux systems the authentication policy for SSH connections checks first a RADIUS server for user/password and if the RADIUS server is not available then it checks a local account (possibly with other user name).
> 
> If the user is authenticated by RADIUS (with MS-CHAPv2) it must receive some UID/GIDs that are not the same as from the local account.
> 
> The password change policy is:
> -	If RADIUS is available and it requires a password change then the password should be updated on RADIUS and locally.
> -	If RADIUS is not available no password change is allowed locally
> 
> We have also a second scenario for which some users are defined exclusively on RADIUS. Meaning that there is no local Linux account (or if this is not technically possible, the corresponding accounts are disabled somehow).
> 
> Thank you
> Mugur
> 
> -----Original Message-----
> From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com] On Behalf Of Martin
> Sent: jeudi 22 juillet 2010 23:44
> To: pam-list at redhat.com
> Subject: Re: Set new UID/GID
> 
> <snip>
> > > Hello all,
> > >  
> > > I want to write a PAM module that authenticates SSH users without 
> > > using /etc/passwd. For granting a GID I found the "pam_group"
> > > module.
> > >  
> > > There is any available PAM module that allows setting a specific UID 
> > > not listed in /etc/passwd?
> > >  
> There are two seperate tasks here, the first is authentication and the second is user information.  With the (very) old password system they used to be the same thing, however they are now (rightly) separate.  PAM deals with the authentication part, NSS deals with user information such as UID, etc.
> 
> What are you trying to acheive?  It may be that LDAP will do what you want.
> 
> Cheers,
>  - Martin
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
-- 
Mit freundlichen Gruessen,


Marc - A. Dahlhaus
Administration

Westermann GmbH                 Tel: 04252 399 87
Am Gaswerk 3                    Fax: 04252 399 45
27305 Bruchhausen-Vilsen        Mail: mad at wol.de

Geschaeftsfuehrer: Hermann Westermann
Handelsregister: Walsrode, HRB 110518

More information about the Pam-list mailing list