Re: [mituc@xxxxxxxxxxxxxx: pam limits drops privileges]


 



>Problem is: PAM_USER can be changed by the modules, so having a global
>pw buf is asking for trouble unless the modules will change that when
>they change PAM_USER. Also, not all modules will need to do
>getpwnam_r(). And, this would be adding a new API of sorts.

Applications should re-check PAM_USER after calling pam_authenticate()
(and, obviously, call getpwnam() again if they need to). This allows
template users to be supported a la FreeBSD (login as some arbitrary
account name understood by the PAM module, but actually be mapped
to a UNIX account for POSIX and authorization purposes... lets you
deal with virtual users more easily).

-- Luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com
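
Added example, not part of the original message or of any PAM implementation: a C helper an application could call after pam_authenticate() succeeds, resolving the UNIX account from the current PAM_USER value instead of the name the user typed. The names resolve_after_auth and struct resolved_account are hypothetical; the pam_user string is assumed to have been fetched with pam_get_item(pamh, PAM_USER, &item), which is left out so the block builds without libpam.

```c
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Account data re-resolved after authentication (hypothetical type). */
struct resolved_account {
    uid_t uid;
    gid_t gid;
    int   remapped;   /* 1 if a module changed PAM_USER during authentication */
};

/*
 * typed_user: the name the application gave to pam_start().
 * pam_user:   PAM_USER as read AFTER pam_authenticate() returned PAM_SUCCESS.
 * Returns 0 on success, -1 if PAM_USER is missing or maps to no UNIX account.
 */
int resolve_after_auth(const char *typed_user, const char *pam_user,
                       struct resolved_account *out)
{
    struct passwd pw, *res = NULL;
    size_t len = 1024;
    char *buf = NULL;
    int rc;

    /* Design choice of this example: never fall back to the typed name. */
    if (pam_user == NULL || *pam_user == '\0' || out == NULL)
        return -1;

    do {   /* grow the buffer while getpwnam_r() reports ERANGE */
        char *nbuf = realloc(buf, len);
        if (nbuf == NULL) { free(buf); return -1; }
        buf = nbuf;
        rc = getpwnam_r(pam_user, &pw, buf, len, &res);
        len *= 2;
    } while (rc == ERANGE && len <= (1u << 20));

    if (rc != 0 || res == NULL) { free(buf); return -1; }

    /* Copy what is needed before freeing buf: pw's strings point into it. */
    out->uid = pw.pw_uid;
    out->gid = pw.pw_gid;
    out->remapped = (typed_user == NULL || strcmp(typed_user, pam_user) != 0);
    free(buf);
    return 0;
}
```

Credentials and ownership decisions made later in the session should use the uid and gid returned here, not a struct passwd cached before authentication.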




