headers
preet $ | 18 Aug 2011 04:25
Picon

Hoe to get uid,gid through PAM

Hello,
 
      How do I get the user credentials such as uid, eid, and gid defined in various authentication mechanisms such as LDAP etc through PAM. Please provide some info on that. 
 
Thanks
Preet
_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Permalink | Reply | 5 comments |
headers
Thorsten Kukuk | 18 Aug 2011 07:38
Picon

Re: Hoe to get uid,gid through PAM

On Wed, Aug 17, preet $ wrote:

> Hello,
> 
>       How do I get the user credentials such as uid, eid, and gid defined in
> various authentication mechanisms such as LDAP etc through PAM. Please
> provide some info on that.

You will not. PAM does only authenticate an user for you,
nothing more. What you mean is getpwnam() and similar functions
handled by NSS modules.

--

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Permalink | Reply | 3 comments |
headers
preet $ | 18 Aug 2011 17:27
Picon

Re: Hoe to get uid,gid through PAM

Thanks for your reply.

 
Preet
On Thu, Aug 18, 2011 at 1:38 AM, Thorsten Kukuk <kukuk <at> suse.de> wrote:
On Wed, Aug 17, preet $ wrote:

> Hello,
>
>       How do I get the user credentials such as uid, eid, and gid defined in
> various authentication mechanisms such as LDAP etc through PAM. Please
> provide some info on that.

You will not. PAM does only authenticate an user for you,
nothing more. What you mean is getpwnam() and similar functions
handled by NSS modules.

--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Permalink | Reply | 2 comments |
headers
Jason Gerfen | 18 Aug 2011 17:32
Picon
Favicon

RE: Hoe to get uid,gid through PAM

I have a patch you could use that implements additional configuration settings to the krb5.conf, provides
an optional compile switch for the existing pam_krb5 (--with-ldap), and specifically addresses the
UID/GID mapping of remote users by creating a password-less local account (similar to caching
mechanisms) for Active Directory/OpenLDAP users.

Of course the necessary POSIX account schema attributes per RFC 2307
(http://www.ietf.org/rfc/rfc2307.txt) are required within the directory service you wish to use for
the UID, GID, HomeDirectory & DefaultShell account requirements but it should suit your needs.

Here is the patch: https://github.com/jas-/pam_krb5-ldap
Here is the original pam_krb5 provided by RedHat: https://fedorahosted.org/pam_krb5/
Here is additional documentation on the project to help with patching, compiling, installing and
configuring (this might be slightly outdated): https://help.ubuntu.com/community/Alternate_Pam_Krb5LDAP_Authentication

Hope that helps some.
jas
________________________________________
From: pam-list-bounces <at> redhat.com [pam-list-bounces <at> redhat.com] On Behalf Of preet $ [preet3039 <at> gmail.com]
Sent: Thursday, August 18, 2011 9:27 AM
To: Pluggable Authentication Modules
Subject: Re: Hoe to get uid,gid through PAM

Thanks for your reply.

Preet
On Thu, Aug 18, 2011 at 1:38 AM, Thorsten Kukuk <kukuk <at> suse.de<mailto:kukuk <at> suse.de>> wrote:
On Wed, Aug 17, preet $ wrote:

> Hello,
>
>       How do I get the user credentials such as uid, eid, and gid defined in
> various authentication mechanisms such as LDAP etc through PAM. Please
> provide some info on that.

You will not. PAM does only authenticate an user for you,
nothing more. What you mean is getpwnam() and similar functions
handled by NSS modules.

--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com<mailto:Pam-list <at> redhat.com>
https://www.redhat.com/mailman/listinfo/pam-list
Permalink | Reply | 1 comment |
headers
preet $ | 25 Aug 2011 20:24
Picon

Re: Hoe to get uid,gid through PAM

Thanks for your reply. But we are ok to use NSS modules to get the uid and gid. We are looking at configuring NSS to use ldap for these details.
Preet

On Thu, Aug 18, 2011 at 11:32 AM, Jason Gerfen <jason.gerfen <at> utah.edu> wrote:
I have a patch you could use that implements additional configuration settings to the krb5.conf, provides an optional compile switch for the existing pam_krb5 (--with-ldap), and specifically addresses the UID/GID mapping of remote users by creating a password-less local account (similar to caching mechanisms) for Active Directory/OpenLDAP users.

Of course the necessary POSIX account schema attributes per RFC 2307 (http://www.ietf.org/rfc/rfc2307.txt) are required within the directory service you wish to use for the UID, GID, HomeDirectory & DefaultShell account requirements but it should suit your needs.

Here is the patch: https://github.com/jas-/pam_krb5-ldap
Here is the original pam_krb5 provided by RedHat: https://fedorahosted.org/pam_krb5/
Here is additional documentation on the project to help with patching, compiling, installing and configuring (this might be slightly outdated): https://help.ubuntu.com/community/Alternate_Pam_Krb5LDAP_Authentication

Hope that helps some.
jas
________________________________________
From: pam-list-bounces <at> redhat.com [pam-list-bounces <at> redhat.com] On Behalf Of preet $ [preet3039 <at> gmail.com]
Sent: Thursday, August 18, 2011 9:27 AM
To: Pluggable Authentication Modules
Subject: Re: Hoe to get uid,gid through PAM

Thanks for your reply.

Preet
On Thu, Aug 18, 2011 at 1:38 AM, Thorsten Kukuk <kukuk <at> suse.de<mailto:kukuk <at> suse.de>> wrote:
On Wed, Aug 17, preet $ wrote:

> Hello,
>
>       How do I get the user credentials such as uid, eid, and gid defined in
> various authentication mechanisms such as LDAP etc through PAM. Please
> provide some info on that.

You will not. PAM does only authenticate an user for you,
nothing more. What you mean is getpwnam() and similar functions
handled by NSS modules.

--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com<mailto:Pam-list <at> redhat.com>

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Permalink | Reply | 0 comments |
headers
preet $ | 25 Aug 2011 23:00
Picon

Re: Hoe to get uid,gid through PAM

Hello,
 
     Is there a separate forum for PAM on HP else can some one point me to that. Is there a generalized conv module that can be used for all platforms. I see pam_map field in pam_appl.h but not sure what is it for, the structure...etc. Is there an PAM application developer doc for HP. Any help would be great...
Thanks
Preet

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Permalink | Reply | 0 comments |
headers
preet $ | 26 Aug 2011 17:41
Picon

Documentation for PAM_MAP on HP

Hi All,
 
     Is there any documentation on how to use PAM_MAP and read and write function for the PAM_MAP for HP. I have found the mention of PAM_MAP but no details of it anywhere.  Any help would be great.
 
Thanks
Preet
_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Permalink | Reply | 0 comments |

Gmane