SSHD and PAM

Sudarshan Soma sudarshan12s at gmail.com
Thu Jan 4 19:18:19 AEDT 2018


Thanks so much for the inputs. Yes, let me try to use NSS for getting just
the username and keep RADIUS/TACACS server to authenticate.


Regards,
Ivan.

On Wed, Jan 3, 2018 at 8:50 PM, Gert Doering <gert at greenie.muc.de> wrote:

> Hi,
>
> On Wed, Jan 03, 2018 at 04:03:39PM +0100, Michael Ströder wrote:
> > Sudarshan Soma wrote:
> > > Does sssd/NSS have a way to fetch user names from sources like
> > > RADIUS/TACACS server?
> > My impression is that while this might be theoretically possible, nobody
> > does this. Especially it's not clear to me how you would push group
> > membership to the system. And AFAICS in case of TACACS+ there's also
> > only a single "role" available (translate this to single group).
>
> Just for the sake of completeness:  TACACS+ can return arbitrary
> key-value pairs, so you can build whatever authorization / grouping
> scheme on top of TACACS+ that you want.
>
> Not sure anyone has done that before, so this advice is still valid:
>
> > So the usual answer is: Use LDAP.
>
> ... as more people have done it, thus more software supports it, and
> things are more likely to "just work".
>
> gert
> --
> now what should I write here...
>
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
>


More information about the openssh-unix-dev mailing list