Making a module re-enter the stack

Martin inkubus at interalpha.co.uk
Wed Oct 13 19:27:03 UTC 2004


> I was curious.  Is it possible to create a module that can re-enter the
> stack of modules?  Here's what I am interested in creating.
> 
> I constantly get a copy of security logs mailed to me, and they consist of
> one particular individual who has different usernames with different
> companies.  I'd like to create a module that will scan an "aliases" file,
> and check the username and its aliases against the current service's
> configuration.
> 
> It's easy enough to build something that can grab a list of aliases from a
> file, but I'm not sure if it's even possible to force PAM to try again with
> a "different" username.  I know it's also easy enough not to enter an
> endless loop by using a flag - "I have been here".
> 
> Ideas?

You don't need to 're-enter' PAM to change the username.  See the PAM
application guide and the PAM module guide, there is at least one
reference to this being done explicitly.  If you are interested I have a
mostly finished aliasing module.  However this isn't necessarily the
complete answer to your problems.  Depending on the application it may
use the username for performing other calls and unless it is very
carefully written to only take this from PAM then you could be faced
with having to implement a hack to libnss which would be significantly
less fun.

In short, yes, it's doable.  If you want, I'll send you the code; however, to
make it work the way you want, you might have to hack / patch the
applications, which would be a general improvement to the free software
world but not necessarily the path of least resistance.

HTH

Sweet Dreams,
 - Martin

-- 
Martin
inkubus at interalpha.co.uk
"Seasons change, things come to pass"
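
Added example, not part of the original message and not Martin's module: a sketch of the approach the reply points to, where a module rewrites PAM_USER with pam_set_item() so that modules later in the stack authenticate the canonical account, with no re-entry. The alias file path, its "canonical: alias1 alias2" line format, the BUILD_PAM_MODULE macro and the name resolve_alias are assumptions made for this example.

```c
/* Added example (not Martin's module); ALIAS_FILE and its line format are assumed.
 * Module build: gcc -fPIC -shared -DBUILD_PAM_MODULE -o pam_alias_demo.so pam_alias_demo.c -lpam */
#include <stdio.h>
#include <string.h>
#define ALIAS_FILE "/etc/security/alias_demo.conf" /* hypothetical path */
/* Lines look like "canonical: alias1 alias2". Returns 1 and copies the canonical
 * account into out when name is a listed alias; 0 if not listed or malformed. */
int resolve_alias(FILE *fp, const char *name, char *out, size_t outlen)
{
    char line[512];
    while (fgets(line, sizeof line, fp)) {
        if (!strchr(line, '\n') && !feof(fp))
            return 0;                    /* overlong line: fail closed */
        char *colon = strchr(line, ':');
        if (line[0] == '#' || colon == NULL)
            continue;                    /* comment or malformed line */
        *colon = '\0';
        const char *canon = line + strspn(line, " \t");
        size_t clen = strcspn(canon, " \t");
        if (clen == 0 || clen >= outlen)
            continue;                    /* empty, or too long for out */
        for (char *t = strtok(colon + 1, " \t\r\n"); t; t = strtok(NULL, " \t\r\n"))
            if (strcmp(t, name) == 0) {
                memcpy(out, canon, clen);
                out[clen] = '\0';
                return 1;
            }
    }
    return 0;
}

#ifdef BUILD_PAM_MODULE
#include <security/pam_modules.h>
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *user = NULL;
    char canon[64];
    (void)flags; (void)argc; (void)argv;
    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL)
        return PAM_AUTH_ERR;
    FILE *fp = fopen(ALIAS_FILE, "r");
    int hit = fp ? resolve_alias(fp, user, canon, sizeof canon) : 0;
    if (fp) fclose(fp);
    /* Rewrite PAM_USER in place: modules later in the stack see the new name. */
    if (hit && pam_set_item(pamh, PAM_USER, canon) != PAM_SUCCESS)
        return PAM_AUTH_ERR;
    return PAM_IGNORE;                   /* never grants access by itself */
}
#endif
```

The alias file decides which account a login name maps to, so it should be root-owned and not writable by anyone else. As the reply notes, the application also has to read the name back with pam_get_item(PAM_USER) after authentication rather than keep using its own copy.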
