[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Does PAM support virtual users?

Nalin Dahyabhai wrote:

> Under glibc, what happens when an application calls functions like
> getpwnam() and getpwuid() etc. is entirely configurable.  Under the
> covers, glibc calls a series of modules in much the same way libpam
> does.  Just which modules are queried is configured in /etc/nsswitch.conf.
> The glibc info pages on the Name Service Switch are very helpful here.

That sounds exactly like what I want! I have read the glibc info pages on
NSS and have started to study the nss_ldap sources, but they look really
complicated, in particular I am puzzled about the excpected "reentrancy" of
the module although the functions do not return or receive something like
a "private data handle". Are there any other sources for information,
preferrably some other examples?

> The disadvantage of "virtual" users is that I can't see any way to do it
> withouth hacking each program that needs to support them one by one.

Using an appropriate nss module would exactly fill my needs. The only
difference I can see is that I prefer a common UID for all mail only

> Forcing multiple users to the same UID is also a problem because there's
> no way to get the name back based on just the UID, which I suspect most
> software will want to do at some time or another.

I am not interested in most software, but precisely sendmail, procmail and
imapd. :-)

Thanks a lot,


Jochen Wiedmann						joe@ispsoft.de
XMas is like M$: You're wasting a lot of time for	+49 7123 14887
and are doing funny things you've never expected to do.
The difference is January ...

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []