
Multiple Root & Hotmail -- synthesis



A thought-

	It seems that two recent threads (multiple root and email
server) both revolve around wanting to give users access without
looking in the traditional (/etc/passwd,...) databases.  I propose a
module (call it pam_virtual) that looks in an arbitrary database file,
depending on the current environment.  I considered writing something
like this to support a virtual POP server, so that's where my thought
process is coming from, but I think we can extend it to a number of
useful circumstances.  Here's my idea:

   - User tries to authenticate to a service.

   - His username and auth token (passwd, whatever) get passed into
PAM, along with auxiliary information (the remote host, local host,
current groups, time of day, whatever).

   - Based on the auxiliary info, PAM chooses which database to
authenticate the user to, and does the authentication.


Take the example of a virtual POP server: a user connects to
someipalias.foo.com.  The server gets his username and password, and
passes them along to PAM, along with the result of getsockname().  PAM
sees that the request came to someipalias, and authenticates the user
to the passwd.someipalias database instead of the default.  Stir
vigorously with a complementary NSS configuration, and voila! Virtual
POP server.

I don't see a "nice" way to actually implement something like this,
unfortunately.  Comments?

-mike
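
The database-selection step from the virtual POP example above, sketched in C as an added example; it is not code from the original post or from any PAM module. The names `select_db`, `lookup_user` and the directory `/etc/virtual` are assumptions, and the PAM glue and the password comparison are left to the caller.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DB_DIR "/etc/virtual"   /* assumed location, not from the post */

/* Map the local name the client connected to (e.g. "someipalias") to
 * DB_DIR/passwd.<alias>. Only [a-z0-9-] is accepted, so the selector can
 * never name a file outside DB_DIR. Returns 0 on success, -1 otherwise. */
int select_db(const char *alias, char *out, size_t outlen)
{
    size_t i, n = alias ? strlen(alias) : 0;
    int r;

    if (n == 0 || n > 63)
        return -1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)alias[i];
        if (!(islower(c) || isdigit(c) || c == '-'))
            return -1;
    }
    r = snprintf(out, outlen, "%s/passwd.%s", DB_DIR, alias);
    return (r < 0 || (size_t)r >= outlen) ? -1 : 0;
}

/* Find user in a passwd-format stream ("name:hash:...") and copy the hash
 * field out. Returns 0 if found, -1 otherwise. Checking the supplied
 * password against the hash (e.g. with crypt(3)) is the caller's job. */
int lookup_user(FILE *db, const char *user, char *hash, size_t hashlen)
{
    char line[512], *field, *end;
    size_t ulen = strlen(user);
    int at_start = 1;               /* is this chunk the start of a line? */

    if (ulen == 0 || strchr(user, ':'))
        return -1;                  /* a ':' would match across fields */
    while (fgets(line, sizeof line, db)) {
        int whole = at_start;
        at_start = strchr(line, '\n') != NULL;
        /* skip tails of overlong lines and non-matching records */
        if (!whole || strncmp(line, user, ulen) != 0 || line[ulen] != ':')
            continue;
        field = line + ulen + 1;
        end = field + strcspn(field, ":\n");
        if ((size_t)(end - field) >= hashlen)
            return -1;
        *end = '\0';
        strcpy(hash, field);
        return 0;
    }
    return -1;
}
```

A caller that gets -1 from `select_db` should fail the authentication rather than fall back to the default database, so an unexpected name cannot reach accounts it was never meant to see.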





