RSS feed

Re: login capabilities mappings

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: login capabilities mappings

Hi Arthur,

Thanks a lot for your time. Understood :). I think I'll try to hack the code when I'll have some time for that :)

I'll keep you informed.

Best regards,

El 24/10/16 a las 21:39, Arthur de Jong escribió:
On Mon, 24 Oct 2016, Egoitz Aurrekoetxea wrote:

Is it possible through nss-pam-ldapd to be able to store which login class in FreeBSD a users belongs to, in OpenLDAP ?. I needed it for assigning different MAC labels to each user. The login capabilities in a login class to which a user belongs can be found in /etc/login.conf.

This is currently unsupported in nss-pam-ldapd. The NSS module sets the login class to an empty string.

This shouldn't be too difficult to add code-wise but it would mean the nslcd protocol (spoken between the nslcd daemon and NSS and PAM modules) would need to be extended or be system-specific (currently it is platform and architecture independant).

I'm also not sure about any commonly used LDAP schema for storing login class.

Kind regards,


Egoitz Aurrekoetxea
Departamento de sistemas
944 209 470
Parque Tecnológico. Edificio 103
48170 Zamudio (Bizkaia)

Antes de imprimir este correo electrónico piense si es necesario hacerlo.
To unsubscribe send an email to or see