I have created an NSS and a PAM module in order to authenticate and get users and groups from a custom remote server.

In order to get them used by the system I am adding a line in /etc/pam.d/sshd:

auth       sufficient   myPAMmodule.so

and in /etc/nsswitch.conf:

passwd:     files sss myNSSmodule
shadow:     files sss myNSSmodule
group:      files sss myNSSmodule

The question is how to configure these (or anything else) in order to avoid calling my modules when an SSH connection is made with a local user.

Adding a Linux module with sufficient before my module

auth       sufficient  pam_env.so

seems necessary. Adding an initgroups line without my module

initgroups: files sss

makes the id command work only locally for a local user (but it gets only the primary group for the user).

But whenever I perform ssh user@localhost, I still see remote calls for local users.

AdminBee
sotiris

0 Answers