lists.arthurdejong.org

Re: login capabilities mappings


On Mon, 24 Oct 2016, Egoitz Aurrekoetxea wrote:

> Is it possible through nss-pam-ldapd to be able to store which login class in FreeBSD a user belongs to, in OpenLDAP? I needed it for assigning different MAC labels to each user. The login capabilities in a login class to which a user belongs can be found in /etc/login.conf.

This is currently unsupported in nss-pam-ldapd. The NSS module sets the login class to an empty string.

This shouldn't be too difficult to add code-wise, but it would mean the nslcd protocol (spoken between the nslcd daemon and NSS and PAM modules) would need to be extended or be system-specific (currently it is platform and architecture independent).

I'm also not sure about any commonly used LDAP schema for storing login class.

Kind regards,

--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
--