SSHD and PAM

Michael Ströder michael at stroeder.com
Thu Jan 4 02:03:39 AEDT 2018


Sudarshan Soma wrote:
> Does sssd/NSS have a way to fetch user names from sources like
> RADIUS/TACACS server?
My impression is that while this might be theoretically possible, nobody
does this. Especially it's not clear to me how you would push group
membership to the system. And AFAICS in case of TACACS+ there's also
only a single "role" available (translate this to single group).

So the usual answer is: Use LDAP.

> We wanted to enable RADIUS/TACACS Authentication using PAM and enabling PAM
> in sshd.

You could implement password authc for sshd (to be on-topic here) via
pam_radius and let LDAP serve the NSS part. Not sure whether it's worth
the effort though.

Ciao, Michael.
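
The split described in the reply above (password authentication for sshd through pam_radius, account lookup through NSS backed by LDAP), as an added configuration example that is not part of the original message. The module file name pam_radius_auth.so, the file paths, the "sss" NSS source, the server address and the secret are assumptions or placeholders.

```conf
# --- /etc/ssh/sshd_config ---
# Hand password checks to the PAM stack.
UsePAM yes
PasswordAuthentication yes

# --- /etc/pam.d/sshd (auth section only) ---
# Assumption: the pam_radius module is installed as pam_radius_auth.so.
# account/session lines stay as the distribution ships them.
auth    required    pam_radius_auth.so

# --- /etc/pam_radius_auth.conf (assumed path; keep it root-only, mode 0600) ---
# server[:port]      shared-secret         timeout(s)
# 192.0.2.10 and the secret are placeholders.
192.0.2.10:1812      REPLACE_WITH_SECRET   3

# --- /etc/nsswitch.conf ---
# sshd resolves the login name through NSS before the PAM result matters,
# so uid, gid, home, shell and group membership must come from LDAP.
# RADIUS only answers whether the password is correct; a name that does
# not resolve here is rejected regardless of the RADIUS answer.
# Assumption: sssd with an LDAP domain provides the "sss" source.
passwd: files sss
group:  files sss
```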
