Hi all, thanks for reading. I'm trying to set up authentication against a remote imap server that I don't run. I've got pam_imap working, so everything is fine as long as the username on my box is the same as the username on imap server. I'd like to somehow make it possible for someone to log in as a different name than is submitted to the imap server. The fact that I'm using imap really shouldn't matter. I run a web server for a community college. We have an email server run by the district. I work at one of the campuses. I have zero control over the email server at district. I want to authenticate users on my web server with their imap accounts (because I hate resetting passwords). Unfortunately, most web server account names are different from the imap account names. For example 'english' or 'lab' might be reasonable account names on my web server but that web account will be managed by a human with an email account (and IMAP username) like 'jdoe'. What I need is for someone to log in as 'lab' with a password and have PAM ask the IMAP server to authenticate jdoe, and if that succeeds, let them log in as 'lab'. That means pam would somehow have to know to translate 'lab' into 'jdoe' for the conversation with the IMAP server and NOT then try to log the user in as 'jdoe' on the web server if the IMAP authentication succeeded. With pam's flow-through-the-stack nature, I thought there might be a module that would change the user name for authentication purposes. Like this maybe: auth required pam_localuser.so auth required pam_map_user.so file=/etc/usermap auth requisite pam_imap.so I've actually done this before by hacking a module to both map a local user to a remote username AND perform the authentication check. It seems odd to me that I'd need to combine those steps. Is there a better way to handle this problem? Thanks! -Dylan _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
