How to determine the authentication domain of a user ?
Gaurab Paul
gaurab.paul at gmail.com
Thu Feb 7 00:24:48 EST 2008
Hi Ed,
thank you.
So, do you have any suggestions on how do we reliably know against which
domain (local/NIS) a user has authenticated against while logging in ? If
there is a POSIX API or portable API or even OS commands across major UNIX
versions please let us know.
Thanks,
On Feb 7, 2008 9:57 AM, Edward Murrell <edward at murrell.co.nz> wrote:
> Hi,
>
> NSS doesn't configure the order of authentication, it does (among other
> things, the order of look up for user is in what group and owns what
> files (or more accurately, which UID/GIDs map to which user/groups).
>
> Authentication is performed by PAM. (see /etc/pam.d/). Authconfig is a
> Redhat utility which (if I recall correctly, I'm not at work right now)
> works modifies the files the /etc/nsswitch.conf
> and /etc/pam.d/system-auth-config, as well as any extra files that may
> be required by NSS and PAM. Under Redhat, most other pam.d systems use
> the system-auth-config file as well for authentication
>
> Hope that clears things up!
>
> Cheers,
> Edward
>
> On Wed, 2008-02-06 at 19:47 -0800, vasantha.prabhu wrote:
> > Hi,
> >
> > Suppose if there are two user accounts with the same name (vprabhu on
> > local (i.e. files) as well as NIS), then /etc/nsswitch.conf determines
> > which domain to authenticate against. However, depending on the OS
> > (for example authconfig settings in linux) can alter the nsswitch.conf
> > procedure.
> >
> > For example,
> >
> > cat /etc/nsswitch.conf|grep passwd
> > passwd: nis files
> >
> > then if vprabhu logs in it will be authenticated against NIS. However,
> > if authconfig settings are "Local authorization is sufficient" is ON,
> > it will authenticate against FILES.
> >
> > Now, given this situation, how do we reliably know against which
> > domain (local/NIS) a user has authenticated against while logging in ?
> > If there is a POSIX API or portable API or even OS commands across
> > major UNIX versions please let us know.
> >
> > Thanks
>
>
>
--
thanks and regards,
Gaurab
More information about the Kerberos
mailing list