问题
pam_ldap, pam_kerberos, etc all allow the user to be dynamically added to a set of groups based on the data in ldap or kerberos respectively. However, when I look at the PAM documentation and every example I've found on a PAM module, its all purely authentication and has nothing to do with group membership.
Can anyone point me to what needs to be done to have my module change group membership?
Ideally, I'd love it if I could use this in conjunction with something like pam_exec.so, so I can write my code in any language of my choosing rather than C, but I'm open to any suggestion that will work here.
来源:https://stackoverflow.com/questions/39802215/how-to-write-a-pam-module-which-changes-group-membership