Max Liccardo wrote:
>
> Steve Langasek wrote:
>
> > The terminology tends to be a bit confusing. When it says 'the service',
> > it refers to the service the user will have access to *after* PAM has
> > authenticated. E.g., should we give this person (PAM_RUSER) access to the
> > rlogin service (PAM_RLOGIN) as user 'root' (PAM_USER)?
> >
>
> right...the problem is that PAM is local-user oriented, i.e. PAM is a
> way to authenticate a local user by some external modules and not from
> an application directly. The problem arises when I want to authenticate
> a non local-user (pop, tacacs, radius). In this case there is no
> information about the user into the system repository (etc/passwd or
> similar)..in fact the user doesn't really exist ;-)...it is just an
> entry into some external repository (no uid, no euid and so on)!!!
> the only user is the one with two identities: one local to the system
> running the module (i.e. the user radius if the server runs other than
> root) and one for the repository connection. a bit confusing,
> really.....

Does this make it any clearer (section 4.1):

ftp://linux.kernel.org/pub/linux/libs/pam/pre/doc/draft-morgan-pam-07.txt

I believe that you want to put the name of your non local-user into
PAM_USER. Your application needs to avoid using this username for any
getpw* calls (unless it can resolve the mapping of this user to some
uid).

Cheers

Andrew
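The getpw* caveat in the reply above, as an added example that is not part of the original thread: after PAM accepts a name, the application treats "no local passwd entry" as its own state and never lets it fall through to uid 0. The names `resolve_identity`, `session_uid` and `virtual_uid`, and the constructed user name, are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* How an authenticated PAM_USER name relates to the local account database. */
enum id_kind { ID_LOCAL, ID_VIRTUAL, ID_ERROR };
struct identity { enum id_kind kind; uid_t uid; /* uid valid only for ID_LOCAL */ };

/* Look the name up once with the reentrant call and report "not found" as
 * its own state instead of handing a NULL struct passwd to the caller. */
struct identity resolve_identity(const char *user)
{
    struct identity id = { ID_ERROR, (uid_t)-1 };
    struct passwd pw, *res = NULL;
    char buf[4096];

    if (user == NULL || *user == '\0')
        return id;
    int rc = getpwnam_r(user, &pw, buf, sizeof buf, &res);
    if (res != NULL) {
        id.kind = ID_LOCAL;
        id.uid = pw.pw_uid;
    } else if (rc == 0 || rc == ENOENT || rc == ESRCH) {
        id.kind = ID_VIRTUAL;   /* exists only in the external repository */
    }                           /* any other rc: lookup failed, stay ID_ERROR */
    return id;
}

/* Pick the uid a session runs as. virtual_uid is a hypothetical site-configured
 * unprivileged account for non-local users; 0 is refused so a missing passwd
 * entry can never become a root session. Returns 0 on success, -1 to deny. */
int session_uid(struct identity id, uid_t virtual_uid, uid_t *out)
{
    if (id.kind == ID_LOCAL) { *out = id.uid; return 0; }
    if (id.kind == ID_VIRTUAL && virtual_uid != 0) { *out = virtual_uid; return 0; }
    return -1;
}

int main(void)
{
    /* Constructed name standing in for a RADIUS/TACACS-only user. */
    struct identity id = resolve_identity("no-such-local-user-constructed");
    uid_t run_as;
    if (session_uid(id, 65534, &run_as) == 0)
        printf("kind=%d run as uid %lu\n", (int)id.kind, (unsigned long)run_as);
    return 0;
}
```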