On Fri, 4 Jan 2013 16:13:27 -0800 Dylan Martin <dmartin@xxxxxxxxxxxxxxxxxx> wrote: > With pam's flow-through-the-stack nature, I thought there might be a > module that would change the user name for authentication purposes. Theoretically this is possible. However some services do break under these conditions if the username changes. For example OpenSSH has a problem with this. The main exception is, if characters are turned upper- or lowercase. Some time ago I did write a PAM module that indeed alters the username. You can find the source code here: https://github.com/datenwolf/pam_propperpwnam >From the README: |pam_propperpwnam | |A PAM module that uses the entered login name as key to |query the password database configured through nsswitch.conf |and replaces the login name with what has been returned. | |On the typical system this module performs an identity transform. |The main usage scenario are systems in networks where a user name |is used in several distinct authentication systems, some of them |being case sensitive and others not. For example the mail system |may do case insensitive username lookups, while the workstations |are case sensitive. In such environments users are often puzzeled |about a username working in one situation does not work in another. There's a pam_python module, that allows you to write PAM modules with Python. This is great for experimentation, I suggest you experiment with this. But keep in mind that some things will break if you alter the login name; technically those things are broken and should be fixed. Good luck with filing bugs. Cheers, Wolfgang _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
