Re: Dynamically creating users at login

On Mon, 2003-10-20 at 03:59, Julian King wrote:
> > > I'm not aware of any PAM module that does this for the local unix pwd
> > > database.  But I suppose someone could modify the pam_unix module to
> > > just run useradd and try again.
> > > 
> > Could you tell me where to start on that?
> > Like I said, I'm a newbie when it comes to PAM.
> We have a config file in /etc/pam.d:
> --------------------------------------------------
> # Allow either NetWare or Unix authentication.
> # Future versions may only allow NetWare.
> auth            required item=user sense=deny file=/etc/s
> ecurity/fakeusers
> auth            required
> auth            sufficient
> auth            requisite
> auth            required
> account         required /usr/sbin/pwfsession
> session         required /usr/sbin/pwfsession
> session         required
> session         optional
> session         optional
> session         optional
> password        required 
> ------------------------------------------------
> And then we have /usr/sbin/pwfsession (see attatched) which indeed calls
> useradd (along with some other magic).  The script itself is tailored to our
> specific needs, but should be usable as a template to create your own.
> We are aware that it has shortcomings, but it has worked for a while.
> Note, that the code is (as far as we are concerned) released under the GPL,
> and for the purpose of this email is copyright Ben Harris.
> Additionally you'll need pam-run, which is a small pam module which
> executes the appropriate code with the appropriate options, that should be
> attatched too.
> This is also I believe copyright Ben Harris, and made available under the
> GPL.
> I know that we haven't included copyright headers, I hope that people will
> do the correct thing, not least of all because it is mostly, pretty
> trivial code.
> Note, that whilst what I have included does work you may need to patch
> things like gdm in order to use them - I would have to check.  We
> submitted and had accepted our patch to xdm however.  Also ssh is a pain
> because they don't understand (or agree with our understanding) of PAM.
> :-)
> > Thanks,
> > Harold
> I hope that helps,
> Julian
> --
> Julian King
> Computer Officer, University of Cambridge, Unix Support
Thanks, I certianly appreciate your code and will treat it as GPL'd.
Could this be modified so that it would run a GUI user management tool?
I'm not sure what I would use (preferably something where users could
only be added instead of deleted).
The idea is to make this as "user friendly" for windoze users as


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]