RSS feed

Re: login capabilities mappings

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: login capabilities mappings

On Mon, 24 Oct 2016, Egoitz Aurrekoetxea wrote:

Is it possible through nss-pam-ldapd to be able to store which login class in FreeBSD a users belongs to, in OpenLDAP ?. I needed it for assigning different MAC labels to each user. The login capabilities in a login class to which a user belongs can be found in /etc/login.conf.

This is currently unsupported in nss-pam-ldapd. The NSS module sets the login class to an empty string.

This shouldn't be too difficult to add code-wise but it would mean the nslcd protocol (spoken between the nslcd daemon and NSS and PAM modules) would need to be extended or be system-specific (currently it is platform and architecture independant).

I'm also not sure about any commonly used LDAP schema for storing login class.

Kind regards,

-- arthur - - --
To unsubscribe send an email to or see