Re: Can I set the user to authenticate as?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Fri, 4 Jan 2013 16:13:27 -0800
Dylan Martin <dmartin@xxxxxxxxxxxxxxxxxx> wrote:

> With pam's flow-through-the-stack nature, I thought there might be a
> module that would change the user name for authentication purposes.

Theoretically this is possible. However some services do break under
these conditions if the username changes. For example OpenSSH has a
problem with this. The main exception is, if characters are turned
upper- or lowercase.

Some time ago I did write a PAM module that indeed alters the username.
You can find the source code here:

>From the README:

|A PAM module that uses the entered login name as key to
|query the password database configured through nsswitch.conf
|and replaces the login name with what has been returned.
|On the typical system this module performs an identity transform.
|The main usage scenario are systems in networks where a user name
|is used in several distinct authentication systems, some of them
|being case sensitive and others not. For example the mail system
|may do case insensitive username lookups, while the workstations
|are case sensitive. In such environments users are often puzzeled
|about a username working in one situation does not work in another.

There's a pam_python module, that allows you to write PAM modules with
Python. This is great for experimentation, I suggest you experiment
with this.

But keep in mind that some things will break if you alter the login
name; technically those things are broken and should be fixed. Good
luck with filing bugs.



Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux