Linux groups information from RADIUS server
1.41421 at gmail.com
Mon Apr 22 23:10:43 CEST 2019
My understanding is that, when a Linux server delegates authentication
chores (via PAM) to a RADIUS server, the information having to do with the
groups that the authenticated user belongs to is retrieved either locally -
from the relevant entry in /etc/passwd - or from a remote server via NSS -
for example, from an LDAP server.
Is there anything preventing one from getting the group information from
the RADIUS server itself? The RADIUS server could be configured so that,
when a user has been successfully authenticated by said server, this server
would send back the authentication OK RADIUS message together with one or
more attributes containing the groups information.
The reason I am asking this is because I have interacted with some devices
in the past that were able to get these data from a RADIUS server alone.
However, I don't know if this was achieved with the concourse of a
mechanism similar to what I described, or something totally different.
More information about the Freeradius-Users