Making a module re-enter the stack

Martin inkubus at interalpha.co.uk
Sun Oct 17 15:31:19 UTC 2004


> > You don't need to 're-enter' PAM to change the username.  See the PAM
> > application guide and the PAM module guide, there is at least one
> > reference to this being done explicitly.  If you are interested I have a
> > mostly finished aliasing module.  However this isn't necessarily the
> > complete answer to your problems.  Depending on the application it may
> > use the username for performing other calls and unless it is very
> > carefully written to only take this from PAM then you could be faced
> > with having to implement a hack to libnss which would be significantly
> > less fun.
> I will consult that.  I'd prefer the module to do all the work, just
> looking up an aliases map file and trying to inject the "new" username and
> the original password back into the stack.
Yes, that's sort of the point I was trying to make but wasn't being
particularly clear about.  It is theoretically speaking possible to
handle this entirely in PAM.  However some applications may not check
what the username is after the calls to PAM or use libnss/getpwnam et
al. before calling PAM thus you may find, depending on the application,
that you have to patch the application and / or write a custom libnss
module / alter whatever libnss reads from.

The key issue is that the username is used for authentication services
(PAM) and for user information (libnss) which use different systems.

> > In short, yes it's doable if you want I'll send you the code however to
> > make it work the way you want you might have to hack / patch the
> > applications.  Which would be a general improvement to the free software
> > world but not necessarily the path of least resistance.
> Let me look at the stuff first, and if I have questions, I think I just
> might take you up on that code offer.
Sure.

Sweet Dreams,
 - Martin

-- 
Martin
inkubus at interalpha.co.uk
"Seasons change, things come to pass"

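The aliasing approach discussed in this message, as an added example that is not part of the original post and is not the aliasing module Martin offers. It assumes a constructed "alias:realname" map format and a hypothetical `BUILD_PAM_MODULE` macro guarding the Linux-PAM hooks; `resolve_alias` and `ALIAS_MAP` are illustrative names.

```c
#include <string.h>

/* Constructed sample map, one "alias:realname" per line (format is an assumption). */
const char ALIAS_MAP[] = "# aliases\nmjones:martin\nwebmaster:www-admin\n";

/* Returns 1 and fills out on a match, 0 if alias is unknown, -1 on a bad entry. */
int resolve_alias(const char *map, const char *alias, char *out, size_t outlen)
{
    size_t alen = strlen(alias);
    if (alen == 0) return 0;
    for (const char *line = map; *line; ) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        const char *colon = memchr(line, ':', len);
        /* Require the colon right after the alias so "web" never matches "webmaster". */
        if (*line != '#' && colon && (size_t)(colon - line) == alen &&
            memcmp(line, alias, alen) == 0) {
            size_t rlen = len - alen - 1;
            if (rlen == 0 || rlen >= outlen) return -1; /* empty or oversized target */
            memcpy(out, colon + 1, rlen);
            out[rlen] = '\0';
            return 1;
        }
        line += len + (end ? 1 : 0);
    }
    return 0;
}

#ifdef BUILD_PAM_MODULE /* hypothetical macro: cc -DBUILD_PAM_MODULE -fPIC -shared ... -lpam */
#include <security/pam_modules.h>

int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *user = NULL;
    char real[64];
    (void)flags; (void)argc; (void)argv;
    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL)
        return PAM_USER_UNKNOWN;
    int r = resolve_alias(ALIAS_MAP, user, real, sizeof real);
    if (r < 0 || (r == 1 && pam_set_item(pamh, PAM_USER, real) != PAM_SUCCESS))
        return PAM_AUTH_ERR;
    return PAM_IGNORE; /* later modules authenticate the rewritten PAM_USER */
}

int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return PAM_IGNORE;
}
#endif
```

The rewritten name is only visible to an application that calls `pam_get_item(pamh, PAM_USER, ...)` after `pam_authenticate()`; one that calls `getpwnam()` on the typed name beforehand still sees the alias, which is the libnss mismatch described above.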


