From: Steve Langasek (vorlonnetexpress.net)
Date: Tue Sep 04 2001 - 11:40:01 CDT
On Tue, 4 Sep 2001, Mike Turek wrote:

> We have PAM running using Kerberos to store the passwords and have run
> into a problem. Seems that PAM will only authenticate a user if that user
> has an account on the machine PAM is running on, even if it can find the
> name & password. Is there any way to point PAM in another direction, or
> stop it doing this check altogether?

This is not a limitation of PAM; PAM does not care if the user is local to the
Unix system or not.

However, many applications and some PAM modules (some of which are buggy in
this regard) do require that the user have a local account. For instance,
it's not meaningful to authenticate a user to the 'login' service or the
'ssh' service if they don't have a local unix account.

If you're looking for ways to scalably manage network-wide account databases,
I suggest looking into NSS (Name Service Switch), the libc plugin API for
getxx() function calls.
Pam-list mailing list
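
The account check discussed in the reply above, as an added example that is not part of the original message or of any PAM code: a service resolves the user with a libc lookup, which NSS routes to the configured backends, and this step is independent of whether authentication succeeded. The names `lookup_account` and `acct_status` are hypothetical, and the default user `root` is only a sample value.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Result of the account lookup a service performs separately from PAM. */
enum acct_status { ACCT_FOUND, ACCT_UNKNOWN, ACCT_LOOKUP_ERROR };

/* Resolve `user` via getpwnam_r(); libc sends the query to every backend
 * listed on the "passwd:" line of /etc/nsswitch.conf, not just /etc/passwd.
 * On ACCT_FOUND, *uid and *gid receive the account's ids. */
enum acct_status lookup_account(const char *user, uid_t *uid, gid_t *gid)
{
    struct passwd pw, *res = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    int rc;

    do {                          /* grow the buffer while libc reports ERANGE */
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return ACCT_LOOKUP_ERROR; }
        buf = tmp;
        rc = getpwnam_r(user, &pw, buf, len, &res);
        len *= 2;
    } while (rc == ERANGE);

    enum acct_status st = ACCT_LOOKUP_ERROR;  /* backend failure: fail closed */
    if (res != NULL) {
        st = ACCT_FOUND;
        *uid = pw.pw_uid;
        *gid = pw.pw_gid;
    } else if (rc == 0 || rc == ENOENT || rc == ESRCH) {
        st = ACCT_UNKNOWN;        /* no configured backend knows this name */
    }
    free(buf);
    return st;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";  /* sample default */
    uid_t uid = 0; gid_t gid = 0;
    enum acct_status st = lookup_account(user, &uid, &gid);
    if (st == ACCT_FOUND)
        printf("%s: uid=%lu gid=%lu\n", user, (unsigned long)uid, (unsigned long)gid);
    else
        printf("%s: %s\n", user, st == ACCT_UNKNOWN ? "no account in any NSS backend" : "lookup error");
    return st;
}
```

A user who authenticates against Kerberos but returns `ACCT_UNKNOWN` here has no uid, gid, home directory or shell for `login` or `ssh` to use, which is why adding an NSS backend for the account database resolves the situation rather than changing PAM.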