[ale] Implementing PAM
- Subject: [ale] Implementing PAM
- From: Newcombe at mordor.clayton.edu (Dan Newcombe)
- Date: Thu Sep 18 23:25:27 2003
On Thu, 18 Sep 2003, Christopher Fowler wrote:
> 1) User connects to ssh server.
> 2) Is user in /etc/passwd
> Yes: Goto end
> No: 3) Is user in RADIUS Server
> Yes: Goto End
> No: 4) Is user in TACACS+ Server
> Yes: Goto End
> No: 5) Last try for LDAP
> Yes: Goto End
> No: "Unknown User"
Yes...you can chain modules together. There is the notion of required and
sufficient. In the above, you'd put them in the order you want with each
one being *sufficient* to allow access. So as soon as one is found you're
good to go. If the module is required, then its condition must be
met...i.e. it is required to be in /etc/passwd, but sufficient if they are
in either radius or ldap.

And as you said in another post, half the pam modules are half-assed. But
the source is usually there. I've had to modify one or two in the past.

Overall it's a nice system. At least it works on Linux...it bites on HPUX
(at least that's been my opinion).
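
The chain discussed in this message, as an added example that is not part of the original post or of any PAM implementation: a small Python model that parses a constructed /etc/pam.d/sshd-style auth stack and walks it the way the required/sufficient control flags are evaluated. The stack text, the helper names `parse` and `authenticate`, and the omission of module arguments are assumptions made for illustration.

```python
# Constructed auth stack in /etc/pam.d/sshd style; module arguments
# (server addresses, shared secrets) are omitted.
STACK = """
auth sufficient pam_unix.so
auth sufficient pam_radius_auth.so
auth sufficient pam_tacplus.so
auth sufficient pam_ldap.so
auth required   pam_deny.so   # nothing matched: the "Unknown User" step
"""


def parse(text):
    """Return [(control, module)] for the auth lines of a pam.d file."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            rules.append((fields[1], fields[2]))
    return rules


def authenticate(rules, accepts):
    """Simplified model of the required/requisite/sufficient flags.

    accepts: names of modules that would return success for this login.
    Returns (granted, modules_consulted).
    """
    required_failed = False
    succeeded = False
    consulted = []
    for control, module in rules:
        consulted.append(module)
        ok = module in accepts
        if control == "sufficient":
            # Success ends the stack at once, unless a required module
            # has already failed; failure is ignored and the stack goes on.
            if ok and not required_failed:
                return True, consulted
        elif control == "requisite" and not ok:
            return False, consulted          # fail immediately
        elif control in ("required", "requisite"):
            succeeded = succeeded or ok
            required_failed = required_failed or not ok
    return succeeded and not required_failed, consulted
```

The trailing `pam_deny.so` line makes the fall-through outcome explicit, so a login that no backend accepts is refused by a rule that is visible in the file.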