How to determine the authentication domain of a user?

Edward Murrell edward at murrell.co.nz
Wed Feb 6 23:45:45 EST 2008


The log files should list which pam module someone used to. Once someone
has logged in though, the user is tracked as a UID, rather than a
particular domain user. There may be environment variables listed that
you could look at though, but certainly nothing like an API.

On Thu, 2008-02-07 at 10:07 +0530, Gaurab Paul wrote:
> Hi Ed,
> 
> thank you.
> 
> So, do you have any suggestions on how do we reliably know against
> which domain (local/NIS) a user has authenticated against while
> logging in? If there is a POSIX API or portable API or even OS
> commands across major UNIX versions please let us know.
> 
> Thanks,
> 
> On Feb 7, 2008 9:57 AM, Edward Murrell <edward at murrell.co.nz> wrote:
>         Hi,
>         
>         NSS doesn't configure the order of authentication, it does
>         (among other things) the order of look up for user is in what
>         group and owns what files (or more accurately, which UID/GIDs
>         map to which user/groups).
>         
>         Authentication is performed by PAM. (see /etc/pam.d/).
>         Authconfig is a Redhat utility which (if I recall correctly,
>         I'm not at work right now) modifies the files
>         /etc/nsswitch.conf and /etc/pam.d/system-auth-config, as well
>         as any extra files that may be required by NSS and PAM. Under
>         Redhat, most other pam.d systems use the system-auth-config
>         file as well for authentication.
>         Hope that clears things up!
>         
>         Cheers,
>         Edward
>         
>         
>         On Wed, 2008-02-06 at 19:47 -0800, vasantha.prabhu wrote:
>         > Hi,
>         >
>         > Suppose if there are two user accounts with the same name
>         > (vprabhu on local (i.e. files) as well as NIS), then
>         > /etc/nsswitch.conf determines which domain to authenticate
>         > against. However, depending on the OS (for example authconfig
>         > settings in linux) can alter the nsswitch.conf procedure.
>         >
>         > For example,
>         >
>         > cat /etc/nsswitch.conf|grep passwd
>         > passwd:     nis files
>         >
>         > then if vprabhu logs in it will be authenticated against NIS.
>         > However, if authconfig settings are "Local authorization is
>         > sufficient" is ON, it will authenticate against FILES.
>         >
>         > Now, given this situation, how do we reliably know against
>         > which domain (local/NIS) a user has authenticated against
>         > while logging in? If there is a POSIX API or portable API or
>         > even OS commands across major UNIX versions please let us know.
>         >
>         > Thanks
>         
>         
>         
> 
> 
> 
> -- 
> thanks and regards,
> 
> Gaurab
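
The split discussed in this thread (NSS orders account lookups, PAM performs authentication) can be inspected from a shell. The script below is an added example, not part of any message in the thread; it assumes glibc's `getent -s`, and the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Print the passwd sources of an nsswitch.conf-style file in lookup
# order, with comments and [STATUS=action] items removed.
passwd_sources() {
    awk '{ sub(/#.*/, ""); gsub(/\[[^]]*\]/, " ") }
         sub(/^[ \t]*passwd:/, "") { $1 = $1; print; exit }' \
        "${1:-/etc/nsswitch.conf}"
}

# Print every source, in lookup order, that holds an entry for user $1.
# More than one line of output means the name exists in several domains,
# which is the ambiguous case raised in the thread.
# Assumption: glibc getent, where -s limits the lookup to one source.
sources_defining() {
    user=$1
    conf=${2:-/etc/nsswitch.conf}
    for src in $(passwd_sources "$conf"); do
        if getent -s "$src" passwd "$user" >/dev/null 2>&1; then
            echo "$src"
        fi
    done
}

# Print the auth-phase lines of a PAM service file ($1), in order, so the
# control flags and modules that decide a login can be read directly.
pam_auth_stack() {
    awk '{ sub(/#.*/, "") }
         $1 == "auth" || $1 == "-auth" { $1 = $1; print }' "$1"
}

# Constructed sample input; the passwd line is the one quoted in the thread.
demo=$(mktemp)
printf 'passwd:     nis files\n' > "$demo"
echo "passwd lookup order: $(passwd_sources "$demo")"
rm -f "$demo"
```

`sources_defining` only shows where a name resolves; which module accepted the password is decided by the PAM stack that `pam_auth_stack` prints and is recorded, if at all, in the authentication logs.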




More information about the Kerberos mailing list