PAM-MySQL authenticating group

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I've had a good look round all over the place, but can't find any clear
answers about this...

I've got a remote VPN login system in development using RADIUS and
PAM-MySQL to validate a user/password combo, but I also want to
incorporate a concept of the user being within one or more groups.

If the user enters a correct user-name and password, but the group
requested doesn't match their allowed groups, then reject their login

I've assumed there would be some sort of PAM conversation requirement
to capture the requested group but can't see how to enable this.

Otherwise, would a further PAM module be required to authenticate this
group selection?

Any help would be greatly appreciated....!

Re: PAM-MySQL authenticating group

Quoted text here. Click to load it

I've never use Radius at all, but RFC 2865 doesn't mention about group
concept. Does the user say "hey, I want to belong to XYZ group" in
Radius negotiation? How is he doing that (from his point of view)?

Quoted text here. Click to load it

Stanislaw Klekot

Site Timeline