[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap user authentication, PAM and chsh (change shell): how to make it work?

To: OpenLDAP Technical <openldap-technical@openldap.org>
Subject: Re: ldap user authentication, PAM and chsh (change shell): how to make it work?
From: Howard Chu <hyc@symas.com>
Date: Sat, 15 Dec 2018 18:15:04 +0000
In-reply-to: <20181214202417.GA9807@bic.mni.mcgill.ca>
References: <20181214202417.GA9807@bic.mni.mcgill.ca>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53

Jean-Francois Malouin wrote:
> Hi,
> 
> Please, bear with me! I know that this is not an openldap question per se, but
> I've been banging my head on the wall for a long time on this issue and maybe
> someone knows the quick answer: with user authentication coming from LDAP, what
> is the magic that has to inserted with the PAM stuff on a client to allow users
> to change their login shells using 'chsh'? I've been googling this for hours to
> no avail.  I nice hint would just suffice.

The PAM API has no support for changing anything besides the password. The NSS API
has no support for changing anything at all, it is purely read-only. Any solution
for what you want to do is going to be non-standard, site- and implementation-specific.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: ldap user authentication, PAM and chsh (change shell): how to make it work?
  - From: Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca>

References:
- ldap user authentication, PAM and chsh (change shell): how to make it work?
  - From: Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca>

Prev by Date: RE24 testing call (2.4.47) LMDB RE0.9 testing call (0.9.23)
Next by Date: Re: ldap user authentication, PAM and chsh (change shell): how to make it work?
Index(es):
- Chronological
- Thread