I was looking at GLAuth and this PAM plugin to see if it could solve a use case for me, but if I'm understanding the code correctly this looks for a 'local' user by parsing /etc/passwd, then tries to bind locally, returning the GECOS information as part of the user info.
What I want to do is to stack this with the GLAuth LDAP backend - and have a plugin like this only intercept the bind operation, with no local lookups, group interpretation, etc. The bind would call the local PAM process (wasn't sure what defines the PAM 'service' used by this plugin).
I could try to hack that together for myself but I was hoping it could be added as an option - like a BindOnly boolean that takes the first DN value passed in as the 'username' to use (e.g. uid=,< rest of basedn>).
If that is too far out of scope or if I need to hack that myself, feel free to close this.
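
A sketch of the username extraction a bind-only mode like the one requested above would need, as an added example that is not part of the original post or of GLAuth's code. The function name, the `uid` attribute, the base DN and the login-name pattern are assumptions; the function refuses anything other than `uid=<name>` directly under the base DN, so only a vetted name would be handed to PAM.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Conservative login-name pattern (assumption): no DN metacharacters or spaces.
var validUser = regexp.MustCompile(`^[a-z_][a-z0-9_.-]{0,31}$`)

// usernameFromBindDN (hypothetical helper) returns the value of the first RDN
// of dn when that RDN is uid=<name> and the remainder equals baseDN.
func usernameFromBindDN(dn, baseDN string) (string, error) {
	if strings.ContainsAny(dn, `\"+`) {
		// Escapes, quoting and multi-valued RDNs are refused, not interpreted.
		return "", errors.New("unsupported characters in bind DN")
	}
	first, rest, found := strings.Cut(dn, ",")
	if !found || !strings.EqualFold(normalize(rest), normalize(baseDN)) {
		return "", errors.New("bind DN is not directly under the base DN")
	}
	attr, value, found := strings.Cut(first, "=")
	if !found || !strings.EqualFold(strings.TrimSpace(attr), "uid") {
		return "", errors.New("first RDN is not uid=<name>")
	}
	value = strings.TrimSpace(value)
	if !validUser.MatchString(value) {
		return "", errors.New("username fails the allowed pattern")
	}
	return value, nil
}

// normalize strips whitespace around the commas and equals signs of a DN.
func normalize(dn string) string {
	parts := strings.Split(dn, ",")
	for i, p := range parts {
		k, v, _ := strings.Cut(p, "=")
		parts[i] = strings.TrimSpace(k) + "=" + strings.TrimSpace(v)
	}
	return strings.Join(parts, ",")
}

func main() { // constructed sample DNs
	for _, dn := range []string{"uid=alice, dc=example, dc=com", "uid=alice+cn=root,dc=example,dc=com"} {
		u, err := usernameFromBindDN(dn, "dc=example,dc=com")
		fmt.Printf("%-40q user=%q err=%v\n", dn, u, err)
	}
}
```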