Leon,

> Would you, please, look at the following 3 lines of code

> /* Grab the user information out of the password file for future usage
>    First get the username that we are actually using, though.
>  */
> retcode = pam_get_item(pamh, PAM_USER, (const void **) &username);
> setpwent();                                 /* line 635 */
> pwd = getpwnam(username);                   /* line 636 */
> if (pwd) initgroups(username, pwd->pw_gid); /* line 637 */

> If we use PAM module, how come we "Grab the user information out of the
> password file for future usage"
> PAM doesn't have access to remote database, does it? It doesn't make any
> sense for me.
> getpwnam() fails (user is unreachable), login fails as well.

The purpose of 'login' is to provide a person local access to a system's
resources as an authenticated user. In order to use this service with a
remote authentication database, there MUST be a mechanism for mapping the
remotely authenticated user to a uid on the local system. Since this
mechanism is not specified by the PAM API, it is assumed that this
information will be made available through the standard C library calls
(getpwnam, getpwuid, getpwent), either by populating the local /etc/passwd
file with entries for all users, or by using an alternate NSS (name service
switch) module to provide access to a central database.

HTH,
Steve Langasek
postmodern programmer
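Added example, not part of the original message or of the login source: a small C check of whether a name resolves to a local account through the C library (and so through whichever NSS sources are configured), which is the step that must succeed regardless of how PAM authenticated the user. The names `resolve_account`, `struct acct` and `enum acct_status` are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

enum acct_status { ACCT_FOUND, ACCT_NOT_FOUND, ACCT_LOOKUP_ERROR };

struct acct {               /* hypothetical holder for what login needs */
    uid_t uid;
    gid_t gid;
    char  home[256];
    char  shell[128];
};

/* Map a username to a local account via getpwnam_r(), i.e. via the
 * sources the name service switch is configured to consult. */
enum acct_status resolve_account(const char *username, struct acct *out)
{
    struct passwd pw, *res = NULL;
    char buf[16384];
    int rc = getpwnam_r(username, &pw, buf, sizeof buf, &res);

    if (res == NULL)        /* no entry; nonzero rc is an errno value */
        return rc == 0 ? ACCT_NOT_FOUND : ACCT_LOOKUP_ERROR;

    out->uid = pw.pw_uid;
    out->gid = pw.pw_gid;
    snprintf(out->home, sizeof out->home, "%s", pw.pw_dir);
    snprintf(out->shell, sizeof out->shell, "%s", pw.pw_shell);
    return ACCT_FOUND;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    struct acct a;

    switch (resolve_account(name, &a)) {
    case ACCT_FOUND:
        printf("%s: uid=%ld gid=%ld home=%s shell=%s\n", name,
               (long)a.uid, (long)a.gid, a.home, a.shell);
        return 0;
    case ACCT_NOT_FOUND:
        fprintf(stderr, "%s: no passwd entry from any NSS source\n", name);
        return 1;
    default:
        fprintf(stderr, "%s: account lookup failed\n", name);
        return 2;
    }
}
```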