public inbox for pve-user@lists.proxmox.com
* [PVE-User] Shell without realm 'pam'
From: Maximilian Hill @ 2021-02-11 10:19 UTC
  To: pve-user

Hello,

Is it somehow possible to allow users in a specific group to use the
shell without signing in in realm 'pam'?

Specifically, we need to use it with an AD realm.


Regards,

Maximilian


* Re: [PVE-User] Shell without realm 'pam'
From: Thomas Lamprecht @ 2021-02-11 11:58 UTC
  To: Proxmox VE user list, Maximilian Hill

Hi,

On 11.02.21 11:19, Maximilian Hill wrote:
> Hello,
> 
> Is it somehow possible to allow users in a specific group to use the
> shell without signing in in realm 'pam'?

Currently not.

> Specifically, we need to use it with an AD realm.

To be clear, with what credentials would they log in to the PVE shell?

Is the LDAP also exposed in the system and valid for login or do they
have credentials of an existing PAM user?

cheers,
Thomas





* Re: [PVE-User] Shell without realm 'pam'
From: Maximilian Hill @ 2021-02-11 12:25 UTC
  To: Thomas Lamprecht; +Cc: Proxmox VE user list

Hi,

On Thu, Feb 11, 2021 at 12:58:40PM +0100, Thomas Lamprecht wrote:
> > Specifically, we need to use it with an AD realm.
> 
> To be clear, with what credentials would they log in to the PVE shell?
> 
> Is the LDAP also exposed in the system and valid for login or do they
> have credentials of an existing PAM user?

Currently we want users of a specific group to be able to use the shell
as root, without a dedicated PAM user.

Another option we would have would be to integrate the PVE node itself into
the domain and make use of sudo. But that would come with some company-related
difficulties and guidelines. For that reason we use AD for the web UI only.


max


* Re: [PVE-User] Shell without realm 'pam'
From: Marco Gaiarin @ 2021-02-11 12:32 UTC
  To: pve-user

Hello! Thomas Lamprecht
  On that day it was said...

> Is the LDAP also exposed in the system and valid for login or do they
> have credentials of an existing PAM user?

Effectively, this leads me to a side question.

If LDAP/AD users are also exposed to the system (PAM/NSS) via
lib(pam|nss)-ldap(d) and/or winbind, what is the difference?

Could it be that a simple flag can be raised, 'also available to PAM
stack'?

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797
