Re: How to determine the authentication domain of a user ?
- From: Edward Murrell <edward@xxxxxxxxxxxxx>
- Date: Thu, 07 Feb 2008 17:45:45 +1300
The log files should list which pam module someone used to. Once someone
has logged in though, the user is tracked as a UID, rather than a
particular domain user. There may be environment variables listed that
you could look at though, but certainly nothing like an API.
On Thu, 2008-02-07 at 10:07 +0530, Gaurab Paul wrote:
Hi Ed,
thank you.
So, do you have any suggestions on how do we reliably know against
which domain (local/NIS) a user has authenticated against while
logging in ? If there is a POSIX API or portable API or even OS
commands across major UNIX versions please let us know.
Thanks,
On Feb 7, 2008 9:57 AM, Edward Murrell <edward@xxxxxxxxxxxxx> wrote:
Hi,
NSS doesn't configure the order of authentication, it does
(among other
things, the order of look up for user is in what group and
owns what
files (or more accurately, which UID/GIDs map to which
user/groups).
Authentication is performed by PAM. (see /etc/pam.d/).
Authconfig is a
Redhat utility which (if I recall correctly, I'm not at work
right now)
works modifies the files the /etc/nsswitch.conf
and /etc/pam.d/system-auth-config, as well as any extra files
that may
be required by NSS and PAM. Under Redhat, most other pam.d
systems use
the system-auth-config file as well for authentication
Hope that clears things up!
Cheers,
Edward
On Wed, 2008-02-06 at 19:47 -0800, vasantha.prabhu wrote:
> Hi,
>
> Suppose if there are two user accounts with the same name
(vprabhu on
> local (i.e. files) as well as NIS), then /etc/nsswitch.conf
determines
> which domain to authenticate against. However, depending on
the OS
> (for example authconfig settings in linux) can alter the
nsswitch.conf
> procedure.
>
> For example,
>
> cat /etc/nsswitch.conf|grep passwd
> passwd: nis files
>
> then if vprabhu logs in it will be authenticated against
NIS. However,
> if authconfig settings are "Local authorization is
sufficient" is ON,
> it will authenticate against FILES.
>
> Now, given this situation, how do we reliably know against
which
> domain (local/NIS) a user has authenticated against while
logging in ?
> If there is a POSIX API or portable API or even OS commands
across
> major UNIX versions please let us know.
>
> Thanks
--
thanks and regards,
Gaurab
.
- References:
- How to determine the authentication domain of a user ?
- From: vasantha.prabhu
- How to determine the authentication domain of a user ?
- Prev by Date: Re: How to determine the authentication domain of a user ?
- Next by Date: Re: How to determine the authentication domain of a user ?
- Previous by thread: Re: How to determine the authentication domain of a user ?
- Next by thread: Re: How to determine the authentication domain of a user ?
- Index(es):
Relevant Pages
|
