RE: How to get uid,gid through PAM
Jason Gerfen <jason.gerfen <at> utah.edu>
2011-08-18 15:32:38 GMT
I have a patch you could use that implements additional configuration settings to the krb5.conf, provides
an optional compile switch for the existing pam_krb5 (--with-ldap), and specifically addresses the
UID/GID mapping of remote users by creating a password-less local account (similar to caching
mechanisms) for Active Directory/OpenLDAP users.
Of course the necessary POSIX account schema attributes per RFC 2307
(http://www.ietf.org/rfc/rfc2307.txt) are required within the directory service you wish to use for
the UID, GID, HomeDirectory & DefaultShell account requirements but it should suit your needs.
Here is the patch: https://github.com/jas-/pam_krb5-ldap
Here is the original pam_krb5 provided by RedHat: https://fedorahosted.org/pam_krb5/
Here is additional documentation on the project to help with patching, compiling, installing and
configuring (this might be slightly outdated): https://help.ubuntu.com/community/Alternate_Pam_Krb5LDAP_Authentication
Hope that helps some.
From: pam-list-bounces <at> redhat.com [pam-list-bounces <at> redhat.com] On Behalf Of preet $ [preet3039 <at> gmail.com]
Sent: Thursday, August 18, 2011 9:27 AM
To: Pluggable Authentication Modules
Subject: Re: How to get uid,gid through PAM
Thanks for your reply.
On Thu, Aug 18, 2011 at 1:38 AM, Thorsten Kukuk <kukuk <at> suse.de> wrote:
On Wed, Aug 17, preet $ wrote:
> How do I get the user credentials such as uid, eid, and gid defined in
> various authentication mechanisms such as LDAP etc through PAM. Please
> provide some info on that.
You will not. PAM only authenticates a user for you,
nothing more. What you mean is getpwnam() and similar functions
handled by NSS modules.
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)