Pluggable Authentication Modules

headers bloguillard | 13 Mar 2012 17:13 · /mapper/

Hello,

I have configure a redhat box to authenticate users over an
openldap server. "Systems" account ( uid > 500 ) are not
created in ldap but are authentified over local password db.

system-auth :
...
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so
...

My ldap directory also contains posixgroups.

I noticed that if I configure locally a system account to use
an ldap GID, then the user is properly registered as a member
of this group as well as any other groups it would be member
of locally ( declared in /etc/group ).

But if I declare in local /etc/passwd a local group as being the
primary group for that user, then the user is not registered as being
member of any ldap group it would be "subscribed" to.

QUESTION : is there anyway to configure pam to say that the
user group list includes ldap groups the user is member of
as well as local groups, even if the primary group of that user
is local ?

Mon	Tue	Wed	Thu	Fri	Sat	Sun

			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

3	May 2013
2	April 2013
11	March 2013
6	January 2013
6	December 2012
121	November 2012
7	September 2012
7	August 2012
1	July 2012
1	June 2012
2	April 2012
9	March 2012
8	January 2012
15	December 2011
15	November 2011
21	October 2011
7	September 2011
7	August 2011
21	July 2011
14	June 2011
7	May 2011
1	April 2011
6	March 2011
4	February 2011
10	January 2011
21	December 2010
3	November 2010
7	October 2010
1	August 2010
9	July 2010
18	June 2010
11	May 2010
1	April 2010
7	March 2010
14	February 2010
7	January 2010
14	December 2009
3	November 2009
32	October 2009
7	September 2009
36	August 2009
33	July 2009
14	June 2009
5	May 2009
23	April 2009
30	March 2009
23	February 2009
14	January 2009
6	December 2008
21	November 2008
44	October 2008
23	September 2008
4	August 2008
33	July 2008
48	June 2008
24	May 2008
43	April 2008
27	March 2008
18	February 2008
21	January 2008
35	December 2007
38	November 2007
35	October 2007
66	September 2007
39	August 2007
37	July 2007
24	June 2007
15	May 2007
44	April 2007
62	March 2007
20	February 2007
24	January 2007
21	December 2006
19	November 2006
19	October 2006
27	September 2006
14	August 2006
30	July 2006
14	June 2006
32	May 2006
29	April 2006
20	March 2006
30	February 2006
59	January 2006
24	December 2005
29	November 2005
79	October 2005
35	September 2005
12	August 2005
24	July 2005
27	June 2005
24	May 2005
29	April 2005
29	March 2005
44	February 2005
82	January 2005
25	December 2004
64	November 2004
53	October 2004
74	September 2004
45	August 2004
31	July 2004
83	June 2004
66	May 2004
28	April 2004
41	March 2004
70	February 2004
22	January 2004
54	December 2003
29	November 2003
47	October 2003
89	September 2003
44	August 2003
56	July 2003
34	June 2003
85	May 2003
93	April 2003
65	March 2003
84	February 2003
56	January 2003
77	December 2002
51	November 2002
30	October 2002
59	September 2002
76	August 2002
71	July 2002
80	June 2002
112	May 2002
80	April 2002
31	March 2002
1	February 2002

check group membership locally and in also in ldap

Re: check group membership locally and in also in ldap

Re: check group membership locally and in also in ldap

Re: check group membership locally and in also in ldap

pammount not unmounting encrypted home on logout

"PAM unable to resolve symbol"

Re: pammount not unmounting encrypted home on logout

pam_mount to avoid passwd uid

Re: pam_mount to avoid passwd uid