On Jul 25, 2011, at 17:24, Tim Nowaczyk <tan7f@xxxxxxxxxxxx> wrote:

>
> On Jul 25, 2011, at 5:04 PM, Frank Van Damme wrote:
>
>> 2011/7/25 Jason Clifford <jason@xxxxxxxxxx>:
>>> On Mon, Jul 25, 2011 at 2:11 PM, Frank Van Damme <frank.vandamme@xxxxxxxxx>
>>> wrote:
>>>>
>>>> I'd like to change a user's shell based on group membership. The group
>>>> membership is no problem - that's what pam_listfile is for. Changing
>>>> the shell, however, seems non-obvious. I've looked at the source code
>>>> of pam_unix and it provides the path to the user's login shell
>>>> according to /etc/passwd, so it should be possible for a pam module to
>>>> set the shell to an arbitrary value, right?
>>>
>>> No, because it's the ssh daemon or the login process that sets the shell.
>>
>> So they each use their own methods like grepping /etc/passwd, doing
>> LDAP lookups, or whatever it takes to come up with a shell - like
>> "nothing" in the case of obscure authentication methods that the
>> application happens to know nothing about?
>>
> This is out of scope for the pam list, but you should know that you can
> simply call getpwnam so you don't have to grep /etc/passwd. Many large
> installations don't even have most of their users in /etc/passwd, but use
> NIS or LDAP instead. getpwnam uses NSS to get all the
> users/passwords/groups. Your initial feature request might be able to be
> implemented by writing a custom NSS module. [1]
>
> Cheers,
> Tim Nowaczyk
>
> [1] http://www.gnu.org/s/hello/manual/libc/Extending-NSS.html#Extending-NSS
>
> --
> Timothy Nowaczyk
> Network Systems Engineer
> University of Virginia - ITC
> tan7f@xxxxxxxxxxxx
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list

Actually this is already handled in most NIS and some LDAP implementations using a syntax like:

+@group::::::/bin/myshell

(I may be off on the number of colons).

in the /etc/passwd file.

Read the docs for your platform's passwd file syntax and the nsswitch.conf file. Solaris can do this, your mileage may vary.

Fat fingered from my iPad -- miscorrections happen.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
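
The `+@group::::::/bin/myshell` override from the reply above, as an added example that is not part of the original thread: a simplified model of how compat-mode `+`/`-` lines in /etc/passwd decide a user's effective shell, useful for auditing which accounts receive an overridden shell. It assumes glibc-style compat semantics (the first matching rule wins, the name after `+@` is a netgroup); the function names, the sample file and the memberships are constructed for illustration.

```python
# Added example: simplified model of compat-mode passwd resolution.
# Assumption: glibc-style semantics; all sample data below is constructed.
from collections import namedtuple

PASSWD_FIELDS = 7  # name:passwd:uid:gid:gecos:dir:shell, i.e. six colons

# include=True for '+' rules, False for '-' exclusions
Rule = namedtuple("Rule", "include selector shell")

def parse_compat(text):
    """Collect the '+'/'-' rules of a compat-mode passwd file, in file order."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] not in "+-":
            continue  # ordinary local account line
        fields = line.split(":")
        include = line[0] == "+"
        # This example is deliberately strict about '+' lines so that a
        # miscounted colon is reported instead of silently shifting fields.
        if include and len(fields) != PASSWD_FIELDS:
            raise ValueError("line %d: %d fields, expected %d"
                             % (lineno, len(fields), PASSWD_FIELDS))
        rules.append(Rule(include, fields[0][1:], fields[6] if include else ""))
    return rules

def effective_shell(user, directory_shell, netgroups, rules):
    """Shell the user ends up with, or None if no rule admits the user.
    directory_shell is the value from NIS/LDAP; netgroups is the user's set.
    """
    for rule in rules:
        sel = rule.selector
        if sel == "" or sel == user or (sel.startswith("@") and sel[1:] in netgroups):
            if not rule.include:
                return None  # '-' exclusion matched first
            return rule.shell or directory_shell  # empty field keeps directory value
    return None

SAMPLE = """root:x:0:0:root:/root:/bin/bash
-mallory
+@restricted::::::/bin/rbash
+::::::
"""

if __name__ == "__main__":
    rules = parse_compat(SAMPLE)
    for user, groups in (("alice", {"restricted"}), ("bob", set()), ("mallory", set())):
        print(user, effective_shell(user, "/bin/bash", groups, rules))
```

Real resolution goes through `getpwnam` and the `passwd: compat` line in nsswitch.conf, so compare the model's answer with `getent passwd <user>` on the target platform.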