Authentication via Pam LDAP
Bweb Authentication system users + Linux System Authentication via Pam LDAP
Its possible to have the following authentication workflow with Bweb: Ldap Authentication + Linux Server Pam + Bweb System Authentication
Linux Server Pam LDAP Authentication
https://wiki.debian.org/LDAP/PAM
https://www.howtoforge.com/linux_ldap_authentication
On Bweb Side Configure Bweb System Users, just check the checkbox of Systems Users Authentication and add bacula to the System Wheel Group.
How to add a wheel group in Linux Server
When a server had to be maintained at a higher level than the day-to-day system administrator, root rights were often required. The ‘wheel’ group was used to create a pool of user accounts that were allowed to get that level of access to the server. If you weren’t in the ‘wheel’ group, you were denied access to root.
Simple speaking, the wheel group is a group of users allowed to access root user.
Let us take an example of Red Hat Linux server. First, make sure there is a wheel group in the /etc/group file.
wheel:x:10:root
If the above line does not exist, add it.
You must put users that you want to be admins into the wheel group. To do this, add the user to the end of the wheel group line. This will make the wheel group a secondary group.
Second, change into the /etc/pam.d directory, and edit the file su.
This file controls the access to the program su and modifies its behaviors during the authentication process. The change will modify the access so that only those in the wheel group have access to the program su.
Find these lines in /etc/pam.d/su:
# Uncomment the following line to require a user to be in the ?wheel? group.
#auth required pam_wheel.so use_uid
And change them (as suggested) to this:
# Uncomment the following line to require a user to be in the ?wheel? group.
auth required pam_wheel.so use_uid
Then, expand the permissions in sudo to account for those with wheel permissions. Edit the configuration file with visudo and change these lines:
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
To this
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
This will allow anyone in the wheel group to execute commands using sudo. It would also allow anyone this sort of access on any machine that they have wheel group membership.