Pam-list Digest, Vol 57, Issue 5

Sat Nov 22 12:28:23 UTC 2008

pam-list-request at redhat.com schrieb:
> Send Pam-list mailing list submissions to
> 	pam-list at redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://www.redhat.com/mailman/listinfo/pam-list
> or, via email, send a message with subject or body 'help' to
> 	pam-list-request at redhat.com
>
> You can reach the person managing the list at
> 	pam-list-owner at redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pam-list digest..."
>   
> ------------------------------------------------------------------------
>
> Today's Topics:
>
>    1. Altering entered PAM username ( Juli?n de Navascu?s )
>    2. Re: Altering entered PAM username (Jesse Zbikowski)
>   
>
> ------------------------------------------------------------------------
>
> Betreff:
> Altering entered PAM username
> Von:
> "Julián de Navascués" <julian.navascues at gmail.com>
> Datum:
> Thu, 20 Nov 2008 14:09:45 -0500
> An:
> pam-list at redhat.com
>
> An:
> pam-list at redhat.com
>
>
> Hi all,
>
> I wonder if it's possible to change the username inside a PAM auth
> module. I would like to do something like login with a user "guest"
> and map it to a real unix user account, for example "real_user" (like
> a switch user command, "su real_user")...
>
> I have tried something like this:
>
> int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,const
> char **argv)
> {
>
> int retval = pam_set_item(pamh, PAM_USER, "real_user");
> return PAM_SUCCESS;
>
> }
>
> Using this auth module with a ssh server I would expect to login as
> "real_user" and see a prompt like real_user at machine$ and
> /home/real_user as the working directory... but it does not and logs
> that "guest" is not a valid unix user on the machine.
>
> I would like to know what else is needed to map users...
>
> Thank for your help
>
>
>
>
>
> ------------------------------------------------------------------------
>
> Betreff:
> Re: Altering entered PAM username
> Von:
> "Jesse Zbikowski" <embeddedlinuxguy at gmail.com>
> Datum:
> Thu, 20 Nov 2008 11:34:01 -0800
> An:
> "Pluggable Authentication Modules" <pam-list at redhat.com>
>
> An:
> "Pluggable Authentication Modules" <pam-list at redhat.com>
>
>
> Hi Julian,
>
> 2008/11/20 Julián de Navascués <julian.navascues at gmail.com>:
>   
>> I would like to know what else is needed to map users...
>>     
Hi,

i got a ready-to-use pam module that does right what you want to do.
I'm using it successfully for quite a long time just to remap the
several cisco 'enable*' users
to one central ldap account. The module is equipped with an extensive
debug mode,
so, you may watch what's going on. The module runs fine on debian etch
and lenny.

If you would like to receive a copy of the module, please contact me vi
ae-mail directly.

Regards
Andreas
-- 
Dr.-Ing. Andreas Schindler

PDV Systeme AZ1 GmbH
Frankfurter Str. 141
63303 Dreieich

Telefon 06103-57187-21
Telefax 06103-373245

schindler at az1.de
www.az1.de

PDV Systeme AZ1 GmbH, Brandeniusstr. 3, 44265 Dortmund
HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke,
Joachim Carle