On August 10, 2015, Michael Torrie wrote: > Here's an article on implementing pam_mysql and nss_mysql
Great article, but one question it leaves me. In the article, they don't ever use the useradd script. Does useradd ONLY write to /etc/passwd, etc... ? Or, if the table is formed correctly, can it write to the mysql (or other xSQL) table? That is an important question for me. Also, how does such pam_mysql and nss_mysql interface with the quota system? I mean, I know that the actual fs quota stuff is stored by UID/GID, not username/group name. But if I set the pam_mysql/nss_mysql stuff up, and do a setquota, will it accept the username? Answers to these questions, or where I could find such answers, are most helpful. Thanks guys! --- Dan On Wed, Aug 12, 2015 at 10:08 PM, Michael Torrie <[email protected]> wrote: > On 08/12/2015 11:05 PM, Michael Torrie wrote: > > On 08/11/2015 09:39 AM, Daniel Fussell wrote: > >> On 08/10/2015 09:47 PM, Michael Torrie wrote: > >>> [1] In case anyone is curious, an easy way to do this is by making the > >>> kerberos principals be something like "username/admin@DOMAIN", and > >>> then telling the local admin account to allow logins from > >>> */admin@DOMAIN. That way the local account needn't be modified when > >>> other principals are created or deleted. > >> > >> I tried using */admin@DOMAIN with .k5login to map admin users to a > local > >> admin account, but it turns out wildcards aren't supported in .k5login. > >> How did you set it up with pam and nss to do the mapping? > > > > I don't have access to any machines that I set up anymore, but I recall > > using wildards in .k5login and it worked just fine. This was on RHEL6 > > machines. > > > > Except for enabling Kerberos through the RH authconfig utility (which > > sets up pam_krb5), I didn't make any changes to pam or nss. > > I could be misremembering. It's bugging me. Might have to contact my > old office and have them check, though maybe none of the servers I > worked on are still there. > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ > /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
