I do not consider "an NFS-shared list" to be in any way secure.
Consider using OpenLDAP or a similar shared-security server protocol of known robustness. These will allow you to efficiently administer multiple systems .. including dissimilar types of systems.
The mechanism for handling this authorization on your Linux box will still be PAM, in the sense that Linux asks PAM a question and PAM applies its rules to get an answer. But the ruleset will be different: perhaps in addition to other authentication methods, PAM will query LDAP.
|