On 08.01.2009 20:55, Francesco Di Natale wrote:
Hello all,
I have seen in the archives that somebody talks about changing
the username by using PAM
(http://www.redhat.com/archives/pam-list/2008-November/msg00009.html).
I am facing the same problem. I would like to use OpenSSH to access
another machine on which there is a PAM module that carries out a change
of user. Let me explain it better. What I am trying to do is:
1. Through OpenSSH the user inputs as username 'anonymous' and
password 'anonymous' too.
2. The PAM module tries to map 'guest' to 'system' and doesn't mind
about the password.
3. The final result would be to see the prompt showing
'system@mycomputer$' and the corresponding folder mounted as the
working one.
This is the piece of code that is supposed to make the change of user:
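#include <security/pam_modules.h>

/* Set PAM_USER to "system" whatever name was typed; the password is not checked. */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
                        const char **argv)
{
    int retval = pam_set_item(pamh, PAM_USER, "system");
    if (retval != PAM_SUCCESS)
        return retval;   /* do not report success if the item was not set */
    return PAM_SUCCESS;
}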
BUT the log says that 'anonymous' is not a valid user and it doesn't log
in as 'system'. My questions are:
* Despite the fact that I have created 'anonymous' as a user, I
  haven't been able to map the user 'system' with PAM.
* I have taken a look at NSS (which is one of the solutions given
  in the previously mentioned thread) and don't know how it fits
  into this structure. Am I wrong?
* Is it OpenSSH's fault, because it seems that it doesn't take the
  change of user into account?
* Is user mapping possible in this structure (OpenSSH + PAM)?

That is a feature of OpenSSH. It is OpenSSH that is responsible for setting
the UID/GID and supplementary GIDs before starting the user session.
pam_set_item(pamh, PAM_USER, "system") sets only the user name PAM is
authenticating as, but OpenSSH doesn't check whether PAM_USER was changed
during pam_authenticate() or not.
Questions about OpenSSH are more appropriate on their mailing list.
--
Sincerely Your, Dan.
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
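
An added example, not part of the original thread and not OpenSSH code: the decision an application has to make after pam_authenticate() if it is to honour a changed PAM_USER, written as a C function. The names resolve_session_user, allow_remap and the enum values are hypothetical; pam_user stands for the string the application reads back with pam_get_item(pamh, PAM_USER, ...).

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Outcomes of resolving the session account (hypothetical names). */
enum resolve_result { RESOLVE_OK, RESOLVE_REMAP_REFUSED, RESOLVE_UNKNOWN_USER };

/*
 * requested:   the login name the client supplied.
 * pam_user:    the value read back with pam_get_item(pamh, PAM_USER, ...)
 *              after pam_authenticate() has returned.
 * allow_remap: local policy switch; 0 means a module may not change the name.
 * On RESOLVE_OK, *uid and *gid hold the IDs the session must run with.
 */
enum resolve_result resolve_session_user(const char *requested,
                                         const char *pam_user,
                                         int allow_remap,
                                         uid_t *uid, gid_t *gid)
{
    const struct passwd *pw;

    if (requested == NULL || pam_user == NULL)
        return RESOLVE_UNKNOWN_USER;

    /* A module rewrote PAM_USER: honour it only if policy allows it. */
    if (strcmp(requested, pam_user) != 0 && !allow_remap)
        return RESOLVE_REMAP_REFUSED;

    /* Look up the final name, not the one typed at the prompt. */
    pw = getpwnam(pam_user);
    if (pw == NULL)
        return RESOLVE_UNKNOWN_USER;

    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return RESOLVE_OK;
}

int main(void)
{
    uid_t uid = (uid_t)-1;
    gid_t gid = (gid_t)-1;
    /* Constructed input: client typed "anonymous", module set "system". */
    enum resolve_result r = resolve_session_user("anonymous", "system", 0, &uid, &gid);
    printf("remap refused: %s\n", r == RESOLVE_REMAP_REFUSED ? "yes" : "no");
    return 0;
}
```

With allow_remap left at 0, a module that rewrites PAM_USER and returns PAM_SUCCESS without checking the password cannot move the session to another account.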