Hello, I have created a patch for pam_userdb that I would like to post for your consideration We had a situation here where there is a userid that is shared amongst several people. The desire was to have unique passwords for each person, while still allowing them to assume the same UID when logged in. Traditional SU/SUDO solutions were not acceptable because the application needed to interact with xscreensaver in such a way that if the x interface locked, the next shift could unlock it with their unique password. In addition we needed to generate an audit message in the logs so that we could say "Bob was who was logged in as the shared account at that time". Simple passwords were deemed sufficient for this as it's not a particularly sensitive operation. pam_userdb + key_only works perfectly for this. I setup a db which contained: [shared account]-password1 <username1> [shared account]-password2 <username2> [shared account]-password3 <username3> . . . I then tweaked pam_userdb to add an optional switch: audit_out which is only valid in conjunction with key_only. When audit_out is set, the assumption is that the data that is normally in the "password" field is now in fact the "username" and a message will be generated to the logs indicating the username that is associated with key_only password entered. On my system (SuSE 9.3) it comes with the older, pam-0.78.8 I was able to compile/build and test this patch without issue. I have also downloaded PAM-0.99.6.3, and have created a patch for that version as well. Unfortunately I don't have all of the necessary co-reqs (specifically lex/yywrap stuff) so while all indications are my 0.99.6.3 patch will work fine, I can't compile it to be certian that it works correctly. (I can't upgrade/download the missing dependencies right now either). Since this is my first time posting something to any community for consideration I wanted to post to the list first to make sure I followed the correct procedure. Should I just post the definitively working patch from the older base, and/or post the probably working 99.6.3 patch. Thanks in advance for your advice and consideration. Jeremy __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
