On Pá, 2015-01-30 at 13:59 +0000, Giddings, Bret wrote: > Hi all, > > I can't find anything online that matches this so it doesn't look like > pam already has this feature. > > At my site, many users will either use NETBIOSDOMAIN\username or > username@dns-domain when trying to authenticate. Depending on luck, > either might work on things windows related. However, when we slip > into the linux realm, both will fail. So, I was wondering if there > were a module which would sanitise the supplied username and strip > (specified) prefixes or suffixes if present. That would then result in > far fewer support calls to the helpdesk when they were in fact > presenting perfectly valid credentials, albeit with known but > redundant prefixes or suffixes. > > Is this possible at all? The problem is that some services that call PAM, namely sshd, do not support changing the user name inside the PAM modules. The modules can internally change the user name but it will not affect getpwnam() calls outside the PAM. So the module as you describe it would not be too useful with such services. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list