Paul Khavkine <[EMAIL PROTECTED]> wrote: > I have the following design in mind: > > 1) All authentication is done through PAM -> Krb5 > 2) All user info such as uis/gid is kept in NIS database > > Now i cant seem to figure out how to do that (or even if it's possible) > with FreeRADIUS.
NIS is a big nasty evil monster, so I haven't seen many applications using it directly. And PAM only does username/password authentication, so it can't return uid/etc information. > I need to have huntgroups for different type service so users would > belong to a different unix group. I'm not sure what you mean by that. Huntgroups are mostly NAS based, not Unix group name based. Do you want to ensure that people logging into NAS 1 are in Unix group A, and people logging into NAS 2 are in Unix group B? > But since PAM have no idea about unix groups so i cant use Group = > "dialup" in users file when using PAM. That's a common problem with PAM. > Is there any other way to implement huntgroups with PAM authentication ? Not really. PAM does authentication, and nothing more. It *may* be possible to write an 'rlm_nis' module, but I don't know what that would gain you over just using 'getgrnam'. If you have NIS, you can set /etc/nsswitch.conf to get the groups from NIS. So in that case, a NIS module for the server would only be saving you one function call... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
