Map user #43

Open
wants to merge 3 commits into
base: main

basvandervlies

This is a POC so we can run in a mixed environment where we can map our logins to SRAM username. For example the user bas is known in our CUA environment and has a home directory, uid, gid, ...

This user is not known in the SRAM environment, but I want to use pam-weblogin for authentication. Then we create
a mapping file:

bas:  <username_in_sram>

So pam-weblogin will use <username_in_sram> for authentication when we ssh:

  • ssh bas@<login_node>

and if there is no mapping, then the given username is used, in this example jaap:

  • ssh jaap@

This is useful in a mixed environment when the login names are not
equal to the SRAM usernames. We can then easily convert
the different ones.

Inspiration from: https://mariadb.com/kb/en/user-and-group-mapping-with-pam/

We use the same input filename
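
The lookup described in the post above, as an added example that is not part of the original post and is not pam-weblogin's or MariaDB's code. The names `map_user`, `resolve_sample` and `SAMPLE_MAP`, the `#` comment lines, the whitespace trimming and the fail-closed handling of empty or oversized names are assumptions; the mapped names are constructed placeholders.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample mapping text; the SRAM names are placeholders. */
static const char SAMPLE_MAP[] =
    "# local login: SRAM username\n"
    "bastiaan:   sram_other_example  \n"
    "bas: sram_bas_example\n";

/* Resolve login against "local: remote" lines in map.
 * Returns 1 if mapped, 0 if no entry (login copied unchanged), -1 on error. */
int map_user(const char *map, const char *login, char *out, size_t outlen)
{
    size_t llen = strlen(login);
    if (llen == 0 || llen >= outlen) return -1;
    for (const char *p = map, *next; *p; p = next) {
        const char *eol = strchr(p, '\n');
        const char *end = eol ? eol : p + strlen(p);
        next = eol ? eol + 1 : end;
        while (p < end && isspace((unsigned char)*p)) p++;
        /* Exact match on the whole key: "bas" must not match "bastiaan". */
        if (*p == '#' || (size_t)(end - p) <= llen) continue;
        if (strncmp(p, login, llen) != 0 || p[llen] != ':') continue;
        const char *v = p + llen + 1;
        while (v < end && isspace((unsigned char)*v)) v++;
        while (end > v && isspace((unsigned char)end[-1])) end--;
        size_t vlen = (size_t)(end - v);
        /* Fail closed on an empty or oversized mapped name. */
        if (vlen == 0 || vlen >= outlen) return -1;
        snprintf(out, outlen, "%.*s", (int)vlen, v);
        return 1;
    }
    memcpy(out, login, llen + 1);
    return 0;
}

const char *resolve_sample(const char *login)
{
    static char buf[64];
    return map_user(SAMPLE_MAP, login, buf, sizeof buf) < 0 ? NULL : buf;
}

int main(void)
{
    printf("bas  -> %s\n", resolve_sample("bas"));
    printf("jaap -> %s\n", resolve_sample("jaap"));
    return 0;
}
```

Because the mapping decides which identity is authenticated for a local account, the file holding it should be writable only by root.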
@baszoetekouw
Member

Hi Bas,
Thanks for the PR! I think this is pretty useful functionality.
I need to take a somewhat deeper look at the parsing logic of the user mapping file though. It's not obvious to me how it works exactly. I hope to find an hour or two to look at it in more detail next week.

@basvandervlies
Author

Thanks, the code for parsing is from the mariadb pam plugin. Another thing that popped up is that in our environment, and maybe others, we prefix the login/username with e.g. sram- or <cba account>-. So maybe add a prefix option. The prefix is then removed before sending it to sram.

@baszoetekouw
Member

That's a pretty nice idea actually. Would we still need user mapping like in this PR if we would have support for prefixes?

@basvandervlies
Author

Just back from holidays. Prefixes is just another option that solves another issue. The user mapping is still nice to have so we can use the current logins on the system.

@baszoetekouw
Member

Hi Bas,
Sorry for being quiet on this PR for a while. I would still like to merge it, but before I do that, I would like to add unit tests to pam_weblogin, so that we can actually test this functionality easily.
I'll try to get around to that soonish.

Gr,
Bas.

@FlorisFokkinga FlorisFokkinga added this to the v36 milestone Aug 23, 2024
@baszoetekouw baszoetekouw removed this from the v36 milestone Sep 16, 2024
3 participants