Re: Dynamically creating users at login



On Mon, 2003-10-20 at 03:59, Julian King wrote:
> > > I'm not aware of any PAM module that does this for the local unix pwd
> > > database.  But I suppose someone could modify the pam_unix module to
> > > just run useradd and try again.
> > > 
> > Could you tell me where to start on that?
> > Like I said, I'm a newbie when it comes to PAM.
> 
> We have a config file in /etc/pam.d:
> 
> --------------------------------------------------
> # Allow either NetWare or Unix authentication.
> # Future versions may only allow NetWare.
> auth            required        pam_listfile.so item=user sense=deny file=/etc/security/fakeusers
> auth            required        pam_nologin.so
> auth            sufficient      pam_unix.so
> auth            requisite       pam_ncp_auth.so
> auth            required        pam_cachepw.so
> 
> account         required        pam_run.so /usr/sbin/pwfsession
> 
> session         required        pam_run.so /usr/sbin/pwfsession
> session         required        pam_unix.so
> session         optional        pam_console.so
> session         optional        pam_lastlog.so
> session         optional        pam_motd.so
> 
> password        required        pam_ncp_auth.so 
> 
> ------------------------------------------------
> 
> And then we have /usr/sbin/pwfsession (see attached) which indeed calls
> useradd (along with some other magic).  The script itself is tailored to our
> specific needs, but should be usable as a template to create your own.
> 
> We are aware that it has shortcomings, but it has worked for a while.
> 
> Note, that the code is (as far as we are concerned) released under the GPL,
> and for the purpose of this email is copyright Ben Harris.
> 
> Additionally you'll need pam-run, which is a small pam module which
> executes the appropriate code with the appropriate options, that should be
> attached too.
> 
> This is also I believe copyright Ben Harris, and made available under the
> GPL.
> 
> I know that we haven't included copyright headers, I hope that people will
> do the correct thing, not least of all because it is mostly, pretty
> trivial code.
> 
> 
> Note, that whilst what I have included does work you may need to patch
> things like gdm in order to use them - I would have to check.  We
> submitted and had accepted our patch to xdm however.  Also ssh is a pain
> because they don't understand (or agree with our understanding) of PAM.
> :-)
> 
> 
> > Thanks,
> > Harold
> 
> I hope that helps,
> 
> Julian
> --
> Julian King
> Computer Officer, University of Cambridge, Unix Support
<snip>
Thanks, I certainly appreciate your code and will treat it as GPL'd.
Could this be modified so that it would run a GUI user management tool?
I'm not sure what I would use (preferably something where users could
only be added instead of deleted).
The idea is to make this as "user friendly" for windoze users as
possible.

Thanks,
Harold
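
Added example, not part of the original thread and not the attached pwfsession script: a helper that creates accounts at login runs with root privileges on a name typed at the login prompt, so it should vet that name before useradd ever sees it. This sketch assumes the deny file holds one name per line, as pam_listfile expects; the function names and the 32-character limit are illustrative.

```sh
#!/bin/sh
# Added example: vet a login name before an account-creation helper acts on it.
LC_ALL=C; export LC_ALL    # make [a-z] mean ASCII letters only

# Assumption: same one-name-per-line deny file as the pam_listfile line above.
DENY_FILE="${DENY_FILE:-/etc/security/fakeusers}"

# Succeeds only for a conservative login name (32-char limit is an assumption).
name_is_wellformed() {
    [ -n "$1" ] && [ "${#1}" -le 32 ] || return 1
    case $1 in
        [!a-z_]*)      return 1 ;;   # must start with a-z or "_" (blocks "-o", "../x")
        *[!a-z0-9_-]*) return 1 ;;   # no slashes, spaces, newlines, uppercase
    esac
    return 0
}

# Succeeds if the name appears as a whole line in the deny file.
name_is_denied() {
    [ -r "$DENY_FILE" ] && grep -Fxq -- "$1" "$DENY_FILE"
}

# Succeeds if the name already resolves to an account (local or via NSS).
account_exists() {
    id "$1" >/dev/null 2>&1
}

# Prints exactly one of: reject-malformed, reject-denied, exists, create.
decide_account_action() {
    if ! name_is_wellformed "$1"; then echo reject-malformed
    elif name_is_denied "$1";     then echo reject-denied
    elif account_exists "$1";     then echo exists
    else                               echo create
    fi
}

# Constructed sample names; this loop only prints decisions and creates nothing.
for n in alice 'a b' '../etc' '-o'; do
    printf '%s -> %s\n' "$n" "$(decide_account_action "$n")"
done
```

Only the `create` result should lead to account creation, with the name passed to the helper as a single quoted argument.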


