This is precisely the problem I'm having now. I have got a PAM module which is doing radius based auth and acct management functions but we have the added pain in the butt of needing to offer shell accounts. This unfortunately make life a lot harder and as yet I haven't thought of a way I could implement something similar to what you have and still keep providing shell access. I think I'm going to have to hack around with the PAM module I'm using and the applications that use PAM to do this. As unclean as it may be, a better (quicker, easier, more general) alternative hasn't presented itself yet. Regards, Richard ---------- From: Jonathan Ruano Sent: Wednesday, 28 October 1998 19:06 To: email@example.com Subject: Re: How do I get rid of passwd/shadow files I dont think it'll be difficult to implement an authenticating PAM module, but information gathering is another thing. PAM-enabled FTP daemons use PAM to authenticate, but then usually do getpwnam or so.. I wonder if this would suppose a bigger hack... :-?