Can I set the user to authenticate as?

Hi all, thanks for reading.

I'm trying to set up authentication against a remote imap server that
I don't run.  I've got pam_imap working, so everything is fine as long
as the username on my box is the same as the username on the imap server.
I'd like to somehow make it possible for someone to log in as a
different name than is submitted to the imap server.  The fact that
I'm using imap really shouldn't matter.

I run a web server for a community college.  We have an email server
run by the district.  I work at one of the campuses.  I have zero
control over the email server at district.  I want to authenticate
users on my web server with their imap accounts (because I hate
resetting passwords).  Unfortunately, most web server account names
are different from the imap account names.  For example 'english' or
'lab' might be reasonable account names on my web server but that web
account will be managed by a human with an email account (and IMAP
username) like 'jdoe'.

What I need is for someone to log in as 'lab' with a password and have
PAM ask the IMAP server to authenticate jdoe, and if that succeeds,
let them log in as 'lab'.
That means pam would somehow have to know to translate 'lab' into
'jdoe' for the conversation with the IMAP server and NOT then try to
log the user in as 'jdoe' on the web server if the IMAP authentication
succeeded.

With pam's flow-through-the-stack nature, I thought there might be a
module that would change the user name for authentication purposes.
Like this maybe:

auth required pam_localuser.so
auth required pam_map_user.so file=/etc/usermap
auth requisite pam_imap.so

I've actually done this before by hacking a module to both map a local
user to a remote username AND perform the authentication check.  It
seems odd to me that I'd need to combine those steps.

Is there a better way to handle this problem?

Thanks!
-Dylan

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
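
The lookup that a mapping step like the hypothetical pam_map_user.so above would need, as an added example that is not part of the original post and not code from any PAM module. The "local:remote" file format, the function names and the sample entries are assumptions; the translated name is meant only for the remote check, with the local login name left unchanged.

```c
#include <stdio.h>
#include <string.h>

enum { MAP_OK = 0, MAP_NOT_FOUND = -1, MAP_BAD_FILE = -2 };
/* Constructed sample; the "local:remote" line format is an assumption. */
static const char SAMPLE_MAP[] = "# web account:IMAP account\nlab:jdoe\nenglish:asmith\n";

/* Conservative account names only: [a-z0-9_.-], 1 to 32 characters. */
static int valid_name(const char *s, size_t n)
{
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!s[i] || !strchr("abcdefghijklmnopqrstuvwxyz0123456789_.-", s[i]))
            return 0;
    return 1;
}

/* Translate `local` using the map text. A malformed line or a second entry
 * for `local` rejects the whole map, so a damaged file denies the login. */
int map_user(const char *map, const char *local, char *remote, size_t cap)
{
    const char *hit = NULL;
    size_t hit_len = 0, want = strlen(local);
    while (*map) {
        const char *line = map;
        size_t len = strcspn(line, "\n");
        map += len + (line[len] == '\n');
        if (len == 0 || line[0] == '#') continue;   /* blank or comment */
        const char *colon = memchr(line, ':', len);
        if (!colon) return MAP_BAD_FILE;
        size_t l = (size_t)(colon - line), r = len - l - 1;
        if (!valid_name(line, l) || !valid_name(colon + 1, r)) return MAP_BAD_FILE;
        if (l == want && memcmp(line, local, l) == 0) {
            if (hit) return MAP_BAD_FILE;           /* ambiguous mapping */
            hit = colon + 1; hit_len = r;
        }
    }
    if (!hit) return MAP_NOT_FOUND;                 /* unmapped: fail closed */
    if (hit_len >= cap) return MAP_BAD_FILE;
    memcpy(remote, hit, hit_len);
    remote[hit_len] = '\0';
    return MAP_OK;
}

int main(void)
{
    char remote[33];
    int rc = map_user(SAMPLE_MAP, "lab", remote, sizeof remote);
    printf("lab -> %s (rc=%d)\n", rc == MAP_OK ? remote : "(denied)", rc);
    return rc != MAP_OK;
}
```

A remote name such as 'jdoe' is not accepted as a local name unless it has its own entry, and the map file itself should be writable only by root, since whoever can edit it decides which remote account unlocks which local one.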

