Re: pam authentication based on group membership

To: Debian User <debian-user@lists.debian.org>
Subject: Re: pam authentication based on group membership
From: Stefan Radomski <sr@oop.info>
Date: Sat, 13 Mar 2004 05:40:02 +0100
Message-id: <[🔎] 405290A2.4090106@oop.info>
In-reply-to: <[🔎] 40526977.201@oop.info>
References: <[🔎] 40526977.201@oop.info>

Uhh, I found it and will describe it here for anyone else who mightencounter the same problem.


Stefan Radomski wrote:

Hi there,
I have libpam-ldap running with libnss-ldap just fine, now I want tohave different user groups for the several services like imap, smtp andothers. I have read the description for the libpam-modules, but noneseems to solve the problem.

pam_listfile does, just create some acl with one identifier per line,where an identifier can be a groupname, a username or something else asdescribed here:

http://www.linuxdevcenter.com/pub/a/linux/excerpt/lsckbk_chap1/index3.html

[-- snip --]

narf:/# cat /etc/acl/imap
#used by /etc/pam.d/imap - a list of groups to be member of to use imap
imap

narf:/# cat /etc/pam.d/imap
#%PAM-1.0
#auth       sufficient  /lib/security/pam_ldap.so
#auth       required    /lib/security/pam_unix_auth.so try_first_pass
#account    sufficient  /lib/security/pam_ldap.so
#account    required    /lib/security/pam_unix_acct.so

auth required /lib/security/pam_listfile.so file=/etc/acl/imapitem=group sense=allow onerr=fail


@include common-auth
@include common-account

[-- snip --]

that will only allow members of the group imap to authenticate via imap.

hth
stefan

Reply to:

References:
- pam authentication based on group membership
  - From: Stefan Radomski <sr@oop.info>

Prev by Date: VIAJES R & Q programacion
Next by Date: Re: Re: aol art files:
Previous by thread: pam authentication based on group membership
Next by thread: famd runaway??
Index(es):
- Date
- Thread