Open Laikulo opened 2 weeks ago
This might be moot, it looks like PAM only allows authentication as the current user. This may be useful for users that run moonraker under their own user (as is pretty typical), but doesn't cover the case of moonraker running as its own user, or in a shared-use case.
Is your feature request related to a problem? Please describe
No
Describe the solution you'd like
A new auth source that is backed by PAM, supporting at least the 'auth' (credentials verification) and
account
(is the user permitted to use moonraker).This would almost certainly be a non-interactive (in PAM terms).
This would allow for shared user information across multiple systems on a server, gain the benefit of system user cache (sssd and similar), and allow for a more typical linux-y way of managing users.
Describe alternatives you've considered
password
action to existing pam with a custom module that sets the user's moonraker password when a corresponding user changes their passwordAdditional information
It would be valuable to be able to configure the "service" that moonraker uses, possibly defaulting to
login
for a oob-functional default. It may also be desirable to allow filtering of users/groups at the moonraker level. Even though this is supported by PAM itself, that's not something novices are likely going to be able to do.