Freeradius-Users Digest, Vol 124, Issue 3
JCA
1.41421 at gmail.com
Tue Aug 4 22:21:37 CEST 2015
> On Aug 3, 2015, at 11:45 PM, JCA <1.41421 at gmail.com> wrote:
>>> What's with the one letter acronyms? It just makes things harder to understand.
>>
>> It's for conciseness - it's simpler to write R than "RADIUS server"
>> every time. My apologies if this misled you.
>
> It doesn't mislead. It's confusing and broken. "l33t" speak isn't useful, and is discouraged on this list.

It's not "l33t" speak; it's compact notation in order to keep things
short and to the point. My apologies if that confuses you.
>
>>> What you want is impossible to do. PAM is designed to do authentication. You CANNOT set group membership with PAM.
>>
>> You can't, or you shouldn't?
>
> I distinctly recall writing CANNOT.
>
>> What prevents one from writing a PAM
>> module (or modifying an existing one) so that it will receive group
>> information from the RADIUS server and modify /etc/group accordingly
>> before returning to the caller?
>
> Reality?
>
> Writing to /etc/group is forbidden. For very good reasons.
>
> Alan DeKok.

Well, I have just tried (as root, in CentOS) to edit /etc/group by
hand, and I had no problems. Is it not the case that if the RADIUS PAM
module runs as root, it will also be able to do so?