Mapping username in PAM and OpenSSH
Ian jonhson
jonhson.ian at gmail.com
Wed Jan 28 02:31:32 UTC 2009
Some work has been done.
The XtreemOS project (http://www.xtreemos.org/) has put
many manpower in OpenSSH to develop the mechanims
via PAM and NSS. Relative publications can be found in
http://www.usenix.org/events/lasco08/tech/full_papers/qin/qin.pdf
The project is now working with Linux community on
opening its source codes.
Hope it will be useful to you.
On 1/9/09, Francesco Di Natale <josimapi at gmail.com> wrote:
> Hello all,
>
> I have been looking in the archives that somebody talks about changing the
> username by using PAM
> (http://www.redhat.com/archives/pam-list/2008-November/msg00009.html).
>
> I am facing with the same problem. I would like to access using OpenSSH
> another machine in which there is a PAM module that carry out a change of
> user. Let me explain it better. What I am trying to do is:
>
> Through OpenSSH the user inputs as username 'anonymous' and password
> 'anonymous' too.
> The PAM module tries to map 'guest' to 'system' and doesn't mind about the
> password.
> The final result would be to see the prompt showing 'system at mycomputer$' and
> the corresponding folder mounted as the working one.This is the piece of
> code that is supposed to make the change of user:
>
> int pam_sm_authenticate(pam_handle_t *pamh,int flags,int
> argc,const char **argv)
> {
>
> int retval = pam_set_item(pamh, PAM_USER, "system");
> return PAM_SUCCESS;
>
> }
>
>
> BUT the log says that 'anonymous' is not a valid user and it doesn't log as
> 'system'. My questions are:
>
>
> Despite the fact that I have created 'anonymous' as user, I haven't been
> capable of mapping the user 'system' with PAM.
> I have taking a look to NSS (which is one of the solutions given in the
> previously mentioned thread) and don't know how does it fit in this
> structure. Am I wrong?
> Is OpenSSH fault because it seems that doesn't take into account the change
> of user?
> Is user mapping possible in this structure (OpenSSH + PAM)?I apologize for
> such a long mail but I just wanted to be accurate.
>
> Thanks a lot
> Have a great day
>
>
>
>
>
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
More information about the Pam-list
mailing list