Authentication and authorization with PAM
Alan DeKok
aland at deployingradius.com
Tue Aug 4 09:00:02 CEST 2015
On Aug 3, 2015, at 11:45 PM, JCA <1.41421 at gmail.com> wrote:
>> What's with the one letter acronyms? It just makes things harder to understand.
>
> It's for conciseness - it's simpler to write R than "RADIUS server"
> every time. My apologies if this misled you.
It doesn't mislead. It's confusing and broken. "l33t" speak isn't useful, and is discouraged on this list.
>> What you want is impossible to do. PAM is designed to do authentication. You CANNOT set group membership with PAM.
>
> You can't, or you shouldn't?
I distinctly recall writing CANNOT.
> What prevents one from writing a PAM
> module (or modifying an existing one) so that it will receive group
> information from the RADIUS server and modify /etc/group accordingly
> before returning to the caller?
Reality?
Writing to /etc/group is forbidden. For very good reasons.
Alan DeKok.
More information about the Freeradius-Users mailing list