How to determine the authentication domain of a user?
Edward Murrell
edward at murrell.co.nz
Wed Feb 6 23:45:45 EST 2008
The log files should list which pam module someone used to. Once someone
has logged in though, the user is tracked as a UID, rather than a
particular domain user. There may be environment variables listed that
you could look at though, but certainly nothing like an API.
On Thu, 2008-02-07 at 10:07 +0530, Gaurab Paul wrote:
> Hi Ed,
>
> thank you.
>
> So, do you have any suggestions on how do we reliably know against
> which domain (local/NIS) a user has authenticated against while
> logging in ? If there is a POSIX API or portable API or even OS
> commands across major UNIX versions please let us know.
>
> Thanks,
>
> On Feb 7, 2008 9:57 AM, Edward Murrell <edward at murrell.co.nz> wrote:
> Hi,
>
> NSS doesn't configure the order of authentication, it does (among other
> things, the order of look up for user is in what group and owns what
> files (or more accurately, which UID/GIDs map to which user/groups).
>
> Authentication is performed by PAM. (see /etc/pam.d/). Authconfig is a
> Redhat utility which (if I recall correctly, I'm not at work right now)
> modifies the files /etc/nsswitch.conf and
> /etc/pam.d/system-auth-config, as well as any extra files that may be
> required by NSS and PAM. Under Redhat, most other pam.d systems use
> the system-auth-config file as well for authentication.
>
> Hope that clears things up!
>
> Cheers,
> Edward
>
>
> On Wed, 2008-02-06 at 19:47 -0800, vasantha.prabhu wrote:
> > Hi,
> >
> > Suppose if there are two user accounts with the same name (vprabhu on
> > local (i.e. files) as well as NIS), then /etc/nsswitch.conf determines
> > which domain to authenticate against. However, depending on the OS
> > (for example authconfig settings in linux) can alter the nsswitch.conf
> > procedure.
> >
> > For example,
> >
> > cat /etc/nsswitch.conf|grep passwd
> > passwd: nis files
> >
> > then if vprabhu logs in it will be authenticated against NIS. However,
> > if authconfig settings are "Local authorization is sufficient" is ON,
> > it will authenticate against FILES.
> >
> > Now, given this situation, how do we reliably know against which
> > domain (local/NIS) a user has authenticated against while logging in ?
> > If there is a POSIX API or portable API or even OS commands across
> > major UNIX versions please let us know.
> >
> > Thanks
>
> --
> thanks and regards,
>
> Gaurab
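
The duplicate-account case from the thread (vprabhu in both files and NIS, with "passwd: nis files"), as an added example that is not part of the original messages: it reports which NSS sources define a user and which one the lookup order resolves first. It assumes glibc's "getent -s SOURCE"; the function names and the NSSWITCH override are hypothetical. This answers only the NSS lookup question, which the reply above distinguishes from which PAM module performed the authentication.

```shell
#!/bin/sh
# Added example: report which NSS sources define a user and which one wins.
# NSSWITCH is overridable so the parser can be run on a copy of the file.
NSSWITCH=${NSSWITCH:-/etc/nsswitch.conf}

# Print the passwd sources in lookup order, space separated.
# Comments and [STATUS=action] items are dropped, so an action such as
# [NOTFOUND=return] that cuts the search short is NOT modelled here.
passwd_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$NSSWITCH" |
    awk '/^[ \t]*passwd:/ { sub(/^[ \t]*passwd:/, ""); $1 = $1; print; exit }'
}

# Print every source that has an entry for user $1, in lookup order.
# "getent -s SOURCE" queries that one source only, bypassing the order.
sources_defining() {
    found=""
    for src in $(passwd_sources); do
        if getent -s "$src" passwd "$1" >/dev/null 2>&1; then
            found="${found:+$found }$src"
        fi
    done
    printf '%s\n' "$found"
}

# The first defining source is the one a normal passwd lookup returns.
winning_source() {
    set -- $(sources_defining "$1")
    printf '%s\n' "${1:-none}"
}

# Usage: sh nss-source.sh vprabhu
if [ "$#" -gt 0 ]; then
    echo "lookup order : $(passwd_sources)"
    echo "defined in   : $(sources_defining "$1")"
    echo "resolved from: $(winning_source "$1")"
fi
```

A user listed under "defined in" for more than one source is the shadowed-account situation the original question describes.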