Will pam_mkhomedir work for non-existing unix accounts

Ken Dreyer ktdreyer at ktdreyer.com
Thu Mar 22 13:19:46 EDT 2012


On Thu, Mar 22, 2012 at 11:01 AM, Tiago Elvas <tiagoelvas at gmail.com> wrote:
>
> Can I make PAM work so that I don't need to create a unix account for
> each new kerberos user?

You don't mention which platform you're on, so I'm guessing Linux...

Kerberos provides authentication, but not identity information. PAM is
a framework for handling authentication, whereas NSS is the framework
for handling identification on Linux. Your best option for a
centralized identity solution is probably LDAP. You'll want to look at
something like nss_ldap, nss-pam-ldapd, or sssd.

pam_mkhomedir is really just the equivalent of running "mkdir $HOME"
when a user first logs in; it doesn't actually set $HOME to begin
with.

- Ken
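
Added example (not part of the original message): a small Python check of the distinction drawn in the reply above. It resolves a user through NSS, as `pwd.getpwnam` does, and reports whether a home directory path is available for pam_mkhomedir to create. The function name `diagnose`, the `Entry` tuple, and the sample user are hypothetical and constructed for illustration.

```python
import os
import pwd
import sys
from collections import namedtuple

# Constructed stand-in for the passwd entry an NSS backend (files, LDAP, sssd)
# would return; used to exercise the function without a real directory server.
Entry = namedtuple("Entry", "pw_name pw_uid pw_gid pw_dir pw_shell")


def diagnose(username, lookup=pwd.getpwnam, dir_exists=os.path.isdir):
    """Classify the identity state of a user who can already authenticate.

    Returns one of:
      "no-identity"     - NSS has no passwd entry, so there is no uid, gid or
                          home path; pam_mkhomedir has nothing to create.
      "no-home-field"   - an entry exists but its home directory field is empty.
      "needs-mkhomedir" - the entry names a home that does not exist yet; this
                          is the only case pam_mkhomedir addresses.
      "ready"           - the entry exists and the home directory is present.
    """
    try:
        entry = lookup(username)  # resolved via the sources in nsswitch.conf
    except KeyError:
        return "no-identity"
    if not entry.pw_dir:
        return "no-home-field"
    if dir_exists(entry.pw_dir):
        return "ready"
    return "needs-mkhomedir"


if __name__ == "__main__":
    # Usage: python3 check_identity.py alice bob
    for name in sys.argv[1:]:
        print(f"{name}: {diagnose(name)}")
```

A "no-identity" result for a principal that authenticates successfully points at the NSS side (for example nss_ldap, nss-pam-ldapd, or sssd), not at the PAM stack.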

