How to determine the authentication domain of a user?

Edward Murrell edward at murrell.co.nz
Wed Feb 6 23:27:31 EST 2008


Hi,

NSS doesn't configure the order of authentication; it does (among other
things) the order of lookup for which user is in what group and owns what
files (or more accurately, which UIDs/GIDs map to which users/groups).

Authentication is performed by PAM (see /etc/pam.d/). Authconfig is a
Red Hat utility which (if I recall correctly, I'm not at work right now)
modifies the files /etc/nsswitch.conf and
/etc/pam.d/system-auth-config, as well as any extra files that may
be required by NSS and PAM. Under Red Hat, most other pam.d systems use
the system-auth-config file as well for authentication.

Hope that clears things up!

Cheers,
Edward

On Wed, 2008-02-06 at 19:47 -0800, vasantha.prabhu wrote:
> Hi,
> 
> Suppose there are two user accounts with the same name (vprabhu on
> local (i.e. files) as well as NIS); then /etc/nsswitch.conf determines
> which domain to authenticate against. However, depending on the OS,
> settings (for example authconfig settings in Linux) can alter the
> nsswitch.conf procedure.
> 
> For example,
> 
> cat /etc/nsswitch.conf|grep passwd
> passwd:     nis files
> 
> then if vprabhu logs in it will be authenticated against NIS. However,
> if the authconfig setting "Local authorization is sufficient" is ON,
> it will authenticate against FILES.
> 
> Now, given this situation, how do we reliably know against which
> domain (local/NIS) a user has authenticated while logging in?
> If there is a POSIX API or portable API or even OS commands across
> major UNIX versions, please let us know.
> 
> Thanks
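
The split described in the reply above (NSS decides name lookup order, PAM decides authentication) can be read from the two configurations separately. This is an added example, not part of the original message or of any project's code; the sample file contents and the helper names nss_sources and pam_auth_stack are constructed for illustration.

```python
import re

# Constructed sample files for illustration (not taken from the thread,
# apart from the "passwd: nis files" line quoted in the question).
NSSWITCH = "passwd:     nis files\ngroup:      files nis\n"
PAM_FILES = {
    "login": "auth     required    pam_securetty.so\n"
             "auth     include     system-auth\n"
             "account  include     system-auth\n",
    "system-auth": "auth     required    pam_env.so\n"
                   "auth     sufficient  pam_unix.so nullok try_first_pass\n"
                   "auth     required    pam_deny.so\n"
                   "account  required    pam_unix.so\n",
}

def nss_sources(text, database="passwd"):
    """Return the ordered sources NSS consults for one database (lookup only)."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # [STATUS=action] items tune lookup flow; they are not sources.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

# type, control (plain word or [bracketed list]), module or included file
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def pam_auth_stack(files, service):
    """Return (control, module) pairs of the auth stack, following includes."""
    stack = []
    for line in files[service].splitlines():
        m = PAM_LINE.match(line.split("#", 1)[0].strip())
        if not m or m.group(1) != "auth":
            continue                                  # other types are not authentication
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            stack += pam_auth_stack(files, target)    # pull in the shared stack
        else:
            stack.append((control, target))
    return stack

if __name__ == "__main__":
    print("NSS passwd lookup order:", nss_sources(NSSWITCH))
    for control, module in pam_auth_stack(PAM_FILES, "login"):
        print(f"PAM auth: {control:12} {module}")
```

The first result is only the order in which account records are looked up; the second is the list of modules that actually check credentials for the service.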





More information about the Kerberos mailing list