[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and NT'ed Linux ..

>   I think what they mean is that instead of the current pam_smb module's
> configuration file specifying a PDC and a BDC and a domain to try and log
> into, let the user that is authentication override the domain if they know
> what they are doing.

yes.  or more that the default domain is that listed in /etc/pam_smb.conf,
but that you can specify other domains if you know they exist.

>  So at the login prompt, I could do:
> kramer login: AVENTAIL/wmperry
> to authenticate against the AVENTAIL domain, or TESTDOM/testuser to log
> into a test domain.  
> The question is whether there would be any way to then strip the AVENTAIL/
> from the username the application has read.  I don't know how the current
> pamified apps work, but in our socks server I do not query PAM_USER_DATA
> again, I just use what the user gave me before I started
> pam_authenticate().
> ie: if I login with AVENTAIL/wmperry, then 'wmperry' should be my unix
> userid, etc.

i would like to go a little more sophisticated than just
"AVENTAIL/wmperry maps to wmperry" - i would like to map
"AVENTAIL/Administrator to root" and "TESTDOM/guestuser to nobody" etc.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []