[clug] Pam module restricting ranges of UIDs
Michael James
michael at james.st
Tue Apr 8 11:35:39 EST 2003
Using pam I've got username/passwords being checked:
first against the local password/shadow file
then against a windows domain controller using krb5.
If they pass locally, they're in. (sufficient)
Works fine even if users have different passwords in each place.
Tries one and (if necessary) tries the other.
Trouble is, windows seems to accept any password
for some funny system accounts.
This includes one called "root". Bad Bad Bad.
At present I'm holding the line with pam_listusers.so
and adding them to a file /etc/windows_users.
But to save maintaining that file
it would be better to base it on UID.
All the valid windows users have UIDs in the range 20,000 - 40,000
Anyone seen a pam module that checks UID
or should I start extending pam_localuser.so
to do some extra tests beside just looking for existence?
michaelj
--
Michael James michael at james.st
Network Programmer voice: 02 6246 5040
More information about the linux
mailing list