Re: Dynamically creating users at login
- From: Harold Martin <cocoadev earthlink net>
- To: Julian King <jpk28 cus cam ac uk>
- Cc: gdm sunsite dk
- Subject: Re: Dynamically creating users at login
- Date: Mon, 20 Oct 2003 07:15:39 -0700
On Mon, 2003-10-20 at 03:59, Julian King wrote:
> > > I'm not aware of any PAM module that does this for the local unix pwd
> > > database. But I suppose someone could modify the pam_unix module to
> > > just run useradd and try again.
> > >
> > Could you tell me where to start on that?
> > Like I said, I'm a newbie when it comes to PAM.
>
> We have a config file in /etc/pam.d:
>
> --------------------------------------------------
> # Allow either NetWare or Unix authentication.
> # Future versions may only allow NetWare.
> auth required pam_listfile.so item=user sense=deny file=/etc/s
> ecurity/fakeusers
> auth required pam_nologin.so
> auth sufficient pam_unix.so
> auth requisite pam_ncp_auth.so
> auth required pam_cachepw.so
>
> account required pam_run.so /usr/sbin/pwfsession
>
> session required pam_run.so /usr/sbin/pwfsession
> session required pam_unix.so
> session optional pam_console.so
> session optional pam_lastlog.so
> session optional pam_motd.so
>
> password required pam_ncp_auth.so
>
> ------------------------------------------------
>
> And then we have /usr/sbin/pwfsession (see attatched) which indeed calls
> useradd (along with some other magic). The script itself is tailored to our
> specific needs, but should be usable as a template to create your own.
>
> We are aware that it has shortcomings, but it has worked for a while.
>
> Note, that the code is (as far as we are concerned) released under the GPL,
> and for the purpose of this email is copyright Ben Harris.
>
> Additionally you'll need pam-run, which is a small pam module which
> executes the appropriate code with the appropriate options, that should be
> attatched too.
>
> This is also I believe copyright Ben Harris, and made available under the
> GPL.
>
> I know that we haven't included copyright headers, I hope that people will
> do the correct thing, not least of all because it is mostly, pretty
> trivial code.
>
>
> Note, that whilst what I have included does work you may need to patch
> things like gdm in order to use them - I would have to check. We
> submitted and had accepted our patch to xdm however. Also ssh is a pain
> because they don't understand (or agree with our understanding) of PAM.
> :-)
>
>
> > Thanks,
> > Harold
>
> I hope that helps,
>
> Julian
> --
> Julian King
> Computer Officer, University of Cambridge, Unix Support
<snip>
Thanks, I certianly appreciate your code and will treat it as GPL'd.
Could this be modified so that it would run a GUI user management tool?
I'm not sure what I would use (preferably something where users could
only be added instead of deleted).
The idea is to make this as "user friendly" for windoze users as
possible.
Thanks,
Harold
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]