nss-pam-ldapd

Is it possible to retrieve an LDAP specific attribute and make it available for other PAM modules?

Open Mixlu101 opened this issue 4 years ago • 2 comments

I was wondering if it's possible to retrieve an LDAP specific attribute and make it available to a further pam module.

It could be useful if we need to check for a specific value before accepting the authentication, for example. In my mind this verification could be done in a custom pam_script or pam_exec.

Mixlu101, Jun 18 '21 06:06

This is really similar to the question I came here to ask, which is "can we support U2F public keys?" ... this is actually a more versatile solution, as if you can present other LDAP attributes to PAM then you can basically support U2F devices right there.

gregharvey, Oct 10 '23 06:10

In theory it would be possible for a PAM module to set environment variables with pam_putenv() but I'm not 100% sure the values can be passed through to different PAM modules. This is currently not implemented in nss-pam-ldapd though.

arthurdejong, Mar 03 '24 18:03
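
An added example, not code from this thread or from nss-pam-ldapd: a fail-closed script that pam_exec could run to check a value handed over through the PAM environment, which pam_exec exports to the command it starts. It assumes a hypothetical earlier module has called pam_putenv() with a variable named `LDAP_ATTR_VALUE` (a made-up name; nss-pam-ldapd does not set it), and the allowed values and script path are constructed.

```shell
#!/bin/sh
# Added example, not part of nss-pam-ldapd. Intended to be run by pam_exec,
# which exports the PAM environment (pam_getenvlist) to the command, e.g.
#   auth required pam_exec.so /usr/local/sbin/ldap-attr-gate.sh   (hypothetical path)
# ASSUMPTION: an earlier module in the stack called
#   pam_putenv(pamh, "LDAP_ATTR_VALUE=<attribute value>")
# LDAP_ATTR_VALUE is a made-up name; nss-pam-ldapd does not set it.

# Values that may authenticate, one per line (constructed sample values).
ALLOWED_VALUES='staff
admin'

# attr_allowed VALUE: succeed only if VALUE is exactly one allowed entry.
attr_allowed() {
    # Fail closed when the variable was never set or is empty.
    [ -n "$1" ] || return 1
    # Refuse anything outside a conservative character set, so whitespace,
    # newlines or pattern characters can never produce a match.
    case $1 in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # -F fixed string, -x whole line, -q quiet: no substring or regex matches.
    printf '%s\n' "$ALLOWED_VALUES" | grep -Fxq -- "$1"
}

# pam_gate USER VALUE: return 0 to let the stack continue, 1 to deny.
pam_gate() {
    [ -n "$1" ] || return 1    # PAM_USER is exported by pam_exec
    attr_allowed "$2"
}

# Run the check only when started by pam_exec (which sets PAM_TYPE);
# a non-zero exit status makes pam_exec return a failure to the stack.
if [ -n "${PAM_TYPE:-}" ]; then
    pam_gate "${PAM_USER:-}" "${LDAP_ATTR_VALUE:-}"
    exit $?
fi
```

The PAM environment can be written by any module in the stack and by the calling application, so the variable is only as trustworthy as whatever set it.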