Re: [ilugd] Virtual users mapped to system users

Sat, 21 May 2011 20:25:36 -0700 

Hi Raj,
 
why do you want to use /etc/password. use some enterprise directory to 
authenticate against.
 
For an enterprise if it is large (or grows to lare enterprise ) having 
/etc/password replicated everywhere and in sync would be calling for trouble.
 
use PAM + Openldap for directory and any authentication server(preferably 
kerberos or SAML based ) to authenticate. this would also help in lot of 
povisoning scenarions.
 
cheers,
abhishek
 
> From: r...@linux-delhi.org
> To: il...@frodo.hserus.net
> Date: Sat, 21 May 2011 12:30:43 +0530
> Subject: Re: [ilugd] Virtual users mapped to system users
> 
> On Saturday 21 May 2011, Varad Gupta wrote:
> > Pls see =>
> > http://permalink.gmane.org/gmane.mail.imap.courier.general/27589
> > 
> > You can replace the SQL statements with grep/awk on /etc/passwd
> > 
> > These and other similar lines will need to be replaced =>
> > 
> > SQL=($(dosql "SELECT uid,pw,mpath,mquota FROM passwd WHERE
> > uid='$ID'"))
> > 
> > 
> > SQL=($(dosql "SELECT uid,pw,mpath,mquota FROM passwd WHERE uid='$ID'
> > AND pw='$PW'"))
> > 
> > To test if the passwd is correct (auth is OK), you can use the
> > openssl command to generate an md5 hash and match with /etc/shadow
> > (here i am assuming you script will run as root and can read
> > /etc/shadow). There might be other ways to do this, but this one
> > struck me easily.
> 
> Yeah, I was also looking around for a command-line tool that will allow 
> me to test authentication against PAM. Neither of the two tools I could 
> find on the 'net (pamck and pamauth) seem to be easily available, 
> keeping on looking.
> 
> As a last resort one could use direct auth against {passwd,shadow}, but 
> that would be absolutely the last resort. I'd rather make a Perl PAM 
> script that does that before going into grep & co!
> 
> Regards,
> 
> -- Raj
> -- 
> Raj Mathur r...@kandalaya.org http://kandalaya.org/
> GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
> PsyTrance & Chill: http://schizoid.in/ || It is the mind that moves
> 
> _______________________________________________
> Ilugd mailing list
> Ilugd@lists.linux-delhi.org
> http://frodo.hserus.net/mailman/listinfo/ilugd
                                          
_______________________________________________
Ilugd mailing list
Ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd

Reply via email to