Altering entered PAM username
Martin
inkubus at interalpha.co.uk
Fri Nov 21 17:09:13 UTC 2008
<snip>
> I wonder if it's possible to change the username inside a PAM auth
> module. I would like to do something like login with a user "guest"
> and map it to a real unix user account, for example "real_user" (like
> a switch user command, "su real_user")...
>
> I have tried something like this:
>
> int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,const
> char **argv)
> {
>
> int retval = pam_set_item(pamh, PAM_USER, "real_user");
> return PAM_SUCCESS;
>
> }
>
> Using this auth module with a ssh server I would expect to login as
> "real_user" and see a prompt like real_user at machine$
> and /home/real_user as the working directory... but it does not and
> logs that "guest" is not a valid unix user on the machine.
>
> I would like to know what else is needed to map users...
You will likely also need a libnss module or mapping aware libnss. This
where what seems to be a simple PAM hack becomes rather forbiddingly
complex.
Cheers,
- Martin
More information about the Pam-list
mailing list