
Re: PAM and NT'ed Linux ..



Luke Kenneth Casson Leighton <lkcl@regent.push.net> writes:

> >   I think what they mean is that instead of the current pam_smb module's
> > configuration file specifying a PDC and a BDC and a domain to try and log
> > into, let the user that is authenticating override the domain if they know
> > what they are doing.
> 
> yes.  or more that the default domain is that listed in /etc/pam_smb.conf,
> but that you can specify other domains if you know they exist.
> 
> >  So at the login prompt, I could do:
> > 
> > kramer login: AVENTAIL/wmperry
> > 
> > to authenticate against the AVENTAIL domain, or TESTDOM/testuser to log
> > into a test domain.  
> > 
> > The question is whether there would be any way to then strip the AVENTAIL/
> > from the username the application has read.  I don't know how the current
> > pamified apps work, but in our socks server I do not query PAM_USER_DATA
> > again, I just use what the user gave me before I started
> > pam_authenticate().
> > 
> > ie: if I login with AVENTAIL/wmperry, then 'wmperry' should be my unix
> > userid, etc.
> 
> i would like to go a little more sophisticated than just
> "AVENTAIL/wmperry maps to wmperry" - i would like to map
> "AVENTAIL/Administrator to root" and "TESTDOM/guestuser to nobody" etc.

  Well, one mapping is as easy/hard to do as another. :) I changed our PAM
modules last night to always use what pam_get_item(...,PAM_USER,...) thinks
it is.

-Bill P.
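
The DOMAIN/user mapping discussed in this thread, as an added example that is not part of the original messages or of pam_smb. The names `map_login`, `MAP`, `DEFAULT_DOMAIN` and the `*` wildcard are hypothetical, the table entries are constructed from the thread's examples, and names are compared case-sensitively for brevity.

```c
#include <stdio.h>
#include <string.h>

#define DEFAULT_DOMAIN "AVENTAIL"  /* constructed; stands in for the pam_smb.conf default */
struct user_map { const char *domain, *nt_user, *unix_user; };

/* First match wins. "*" is a hypothetical wildcard: keep the same name. */
static const struct user_map MAP[] = {
    { "AVENTAIL", "Administrator", "root"   },
    { "TESTDOM",  "guestuser",     "nobody" },
    { "AVENTAIL", "*",             NULL     },
};

/* Split "DOMAIN/user" (or bare "user") and resolve the Unix account.
 * Returns 0 and fills unix_user, the value a PAM module would hand to
 * pam_set_item(pamh, PAM_USER, ...); returns -1 if malformed or unmapped. */
int map_login(const char *login, char *domain, size_t dlen,
              char *unix_user, size_t ulen)
{
    const char *slash = strchr(login, '/');
    const char *nt_user = slash ? slash + 1 : login;
    size_t n = slash ? (size_t)(slash - login) : strlen(DEFAULT_DOMAIN);
    if (n == 0 || n >= dlen || *nt_user == '\0' || strchr(nt_user, '/'))
        return -1;                       /* empty part or a second '/' */
    memcpy(domain, slash ? login : DEFAULT_DOMAIN, n);
    domain[n] = '\0';
    for (size_t i = 0; i < sizeof MAP / sizeof MAP[0]; i++) {
        int wild = strcmp(MAP[i].nt_user, "*") == 0;
        if (strcmp(MAP[i].domain, domain) != 0) continue;
        if (!wild && strcmp(MAP[i].nt_user, nt_user) != 0) continue;
        const char *target = wild ? nt_user : MAP[i].unix_user;
        /* A wildcard must never yield root; only an explicit entry may. */
        if ((wild && strcmp(target, "root") == 0) || strlen(target) >= ulen)
            return -1;
        strcpy(unix_user, target);
        return 0;
    }
    return -1;                           /* unmapped: refuse, do not guess */
}

int main(void)
{
    char d[64], u[64];
    const char *in[] = { "AVENTAIL/wmperry", "TESTDOM/guestuser", "AVENTAIL/root" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-24s -> %s\n", in[i],
               map_login(in[i], d, sizeof d, u, sizeof u) ? "(refused)" : u);
    return 0;
}
```

An application that keeps the string it read at the prompt would still see `AVENTAIL/wmperry`; only one that re-reads PAM_USER with pam_get_item() after pam_authenticate() picks up the mapped name.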


