On Tue, 2013-01-08 at 12:00 -0500, pam-list-request@xxxxxxxxxx wrote: > On Fri, 4 Jan 2013 16:13:27 -0800 > Dylan Martin <dmartin@xxxxxxxxxxxxxxxxxx> wrote: > > > With pam's flow-through-the-stack nature, I thought there might be a > > module that would change the user name for authentication purposes. > > Theoretically this is possible. However some services do break under > these conditions if the username changes. For example OpenSSH has a > problem with this. The main exception is, if characters are turned > upper- or lowercase. > > Some time ago I did write a PAM module that indeed alters the > username. > You can find the source code here: > https://github.com/datenwolf/pam_propperpwnam > > >From the README: > > |pam_propperpwnam > | > |A PAM module that uses the entered login name as key to > |query the password database configured through nsswitch.conf > |and replaces the login name with what has been returned. > | > |On the typical system this module performs an identity transform. > |The main usage scenario are systems in networks where a user name > |is used in several distinct authentication systems, some of them > |being case sensitive and others not. For example the mail system > |may do case insensitive username lookups, while the workstations > |are case sensitive. In such environments users are often puzzeled > |about a username working in one situation does not work in another. > > There's a pam_python module, that allows you to write PAM modules with > Python. This is great for experimentation, I suggest you experiment > with this. > > But keep in mind that some things will break if you alter the login > name; technically those things are broken and should be fixed. Good > luck with filing bugs. > You may also have to create an NSS module that performs the same translation / canonicalisation so that user information functions (getpwnam et al.) work as expected. Cheers, - Martin _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
