rename user via PAM module?
Tomas Mraz
tmraz at redhat.com
Tue Jun 14 18:04:06 UTC 2011
On Tue, 2011-06-14 at 18:49 +0200, Riccardo Murri wrote:
> Hello,
>
> Is there a PAM module to remap the username according to some simple
> configuration file? I'm thinking of reading a simple plaintext file:
>
> string1: string2
>
> and would set PAM_USER to "string2" if it was "string1". My reading
> of the PAM module interface docs is that this case is supported but I
> cannot find any module implementing this.
>
> Background: I'd like to use an LDAP directory as auth backend for some
> Linux hosts via the PAM LDAP module, but the "uid" attributes in the
> LDAP are rather awkward (a single letter + randomly generated
> six-digit number) so I would like people to be able to use their
> preferred account name for logging in.
>
> I know I can use an arbitrary LDAP attribute for mapping, but I cannot
> write to the LDAP database and there is no such field currently. ("sn"
> has clashes)
>
> Many thanks in advance for any hint!

There is no such module currently. Also there is a problem that some
applications/services that call the PAM library do not work correctly in
this situation. Typical example is the OpenSSH sshd that ignores the
PAM_USER changes made by modules.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb