[29196] in Kerberos
Re: How to determine the authentication domain of a user ?
daemon@ATHENA.MIT.EDU (Gaurab Paul)
Thu Feb 7 02:22:42 2008
Message-ID: <abe3dd8f0802062124meb2d9bdk57e4c23b35c653fc@mail.gmail.com>
Date: Thu, 7 Feb 2008 10:54:48 +0530
From: "Gaurab Paul" <gaurab.paul@gmail.com>
To: "Edward Murrell" <edward@murrell.co.nz>
In-Reply-To: <1202358452.5836.4.camel@fusion>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Ed,
thank you.
So, do you have any suggestions on how do we reliably know against which
domain (local/NIS) a user has authenticated against while logging in ? If
there is a POSIX API or portable API or even OS commands across major UNIX
versions please let us know.
Thanks,
On Feb 7, 2008 9:57 AM, Edward Murrell <edward@murrell.co.nz> wrote:
> Hi,
>
> NSS doesn't configure the order of authentication, it does (among other
> things, the order of look up for user is in what group and owns what
> files (or more accurately, which UID/GIDs map to which user/groups).
>
> Authentication is performed by PAM. (see /etc/pam.d/). Authconfig is a
> Redhat utility which (if I recall correctly, I'm not at work right now)
> works modifies the files the /etc/nsswitch.conf
> and /etc/pam.d/system-auth-config, as well as any extra files that may
> be required by NSS and PAM. Under Redhat, most other pam.d systems use
> the system-auth-config file as well for authentication
>
> Hope that clears things up!
>
> Cheers,
> Edward
>
> On Wed, 2008-02-06 at 19:47 -0800, vasantha.prabhu wrote:
> > Hi,
> >
> > Suppose if there are two user accounts with the same name (vprabhu on
> > local (i.e. files) as well as NIS), then /etc/nsswitch.conf determines
> > which domain to authenticate against. However, depending on the OS
> > (for example authconfig settings in linux) can alter the nsswitch.conf
> > procedure.
> >
> > For example,
> >
> > cat /etc/nsswitch.conf|grep passwd
> > passwd: nis files
> >
> > then if vprabhu logs in it will be authenticated against NIS. However,
> > if authconfig settings are "Local authorization is sufficient" is ON,
> > it will authenticate against FILES.
> >
> > Now, given this situation, how do we reliably know against which
> > domain (local/NIS) a user has authenticated against while logging in ?
> > If there is a POSIX API or portable API or even OS commands across
> > major UNIX versions please let us know.
> >
> > Thanks
>
>
>
--
thanks and regards,
Gaurab
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
