Closed bbergquist0930 closed 9 months ago
This leaf is indeed implemented in sysrepo, and it's used to control whether the UNIX groups of the user are included in the group list or not. This calls into the system C library via getgrouplist(3)
and getgrid_r(3)
. On a glibc-based system, this means that it will respect whatever NSS settings you have, so if your system is configured to retrieve the group list from LDAP or Radius, for example, so will sysrepo.
The RFC terminology might be a bit misleading, but at least in case of SSH, this "transport layer" is what actually performs authentication, and since this is done once again using the system C-library functions to map to Unix system accounts, I think that this is a consistent behavior.
Thanks you and thank you for the link to the code as well. I did peruse the code but missed that.
Not sure if this should be asked here in Netopeer2 or in Sysrepo where it appears that the NACM in implemeted.
In the NACM YANG model there is this
It that supported by the combinations of packages in any way? In doing some research it appear that the YumaWorks packages provides the ability to register an API callback which can provide a list of external groups. I was wondering if there was anything similar to Netopeer2/Sysrepo?