I have a IPA server running. This server has users who are member to
various groups. I want to query the IPA server from an IPA client to know
whether a user is a member to a group.
I want to do this from the OpenVPN service using the openvpn_auth_pam.so.
Normally one uses this like this:
This queries the PAM login (and thus IPA) is the username/password from
openvpn is valid. the "login" is /etc/pam.d/login. OpenVPN docs say you
could use other modules instead of login.
So, I would like to add the next line:
openvpn_auth_pam.so group <username> "openvpn"
Where a /etc/pam.d/group file would check whether the user is member of the
group "openvpn". If not, false is returned and the login attempt (thru
Is this possible? If not is there a better way?
Freeipa-users mailing list