Can I set the user to authenticate as?

Martin inkubus at interalpha.co.uk
Tue Jan 8 17:16:07 UTC 2013


On Tue, 2013-01-08 at 12:00 -0500, pam-list-request at redhat.com wrote:
> On Fri, 4 Jan 2013 16:13:27 -0800
> Dylan Martin <dmartin at seattlecentral.edu> wrote:
> 
> > With pam's flow-through-the-stack nature, I thought there might be a
> > module that would change the user name for authentication purposes.
> 
> Theoretically this is possible. However some services do break under
> these conditions if the username changes. For example OpenSSH has a
> problem with this. The main exception is, if characters are turned
> upper- or lowercase.
> 
> Some time ago I did write a PAM module that indeed alters the
> username.
> You can find the source code here:
> https://github.com/datenwolf/pam_propperpwnam
> 
> From the README:
> 
> |pam_propperpwnam
> |
> |A PAM module that uses the entered login name as key to
> |query the password database configured through nsswitch.conf
> |and replaces the login name with what has been returned.
> |
> |On the typical system this module performs an identity transform.
> |The main usage scenario are systems in networks where a user name
> |is used in several distinct authentication systems, some of them
> |being case sensitive and others not. For example the mail system
> |may do case insensitive username lookups, while the workstations
> |are case sensitive. In such environments users are often puzzled
> |that a username working in one situation does not work in another.
> 
> There's a pam_python module, that allows you to write PAM modules with
> Python. This is great for experimentation, I suggest you experiment
> with this.
> 
> But keep in mind that some things will break if you alter the login
> name; technically those things are broken and should be fixed. Good
> luck with filing bugs.
> 

You may also have to create an NSS module that performs the same
translation / canonicalisation so that user information functions
(getpwnam et al.) work as expected.

Cheers,
 - Martin
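
The canonicalisation discussed in this thread, sketched for pam_python. This is an added example, not part of the original message and not the code of pam_propperpwnam. The helper name `canonical_login` and the case-only restriction (taken from the remark that services such as OpenSSH tolerate only case changes) are assumptions made for the illustration.

```python
import pwd


def canonical_login(entered, lookup=pwd.getpwnam):
    """Return the account name NSS reports for `entered`, or None.

    `lookup` defaults to pwd.getpwnam, which goes through the sources
    configured in nsswitch.conf. Only a result that differs from the
    entered name by letter case is accepted.
    """
    try:
        found = lookup(entered).pw_name
    except KeyError:
        return None              # unknown to every configured NSS source
    if found.lower() != entered.lower():
        return None              # NSS mapped to a different account: refuse
    return found


def pam_sm_authenticate(pamh, flags, argv):
    # pam_python entry point. get_user() reads PAM_USER, prompting if unset.
    try:
        entered = pamh.get_user(None)
    except pamh.exception as e:
        return e.pam_result
    name = canonical_login(entered) if entered else None
    if name is not None and name != entered:
        pamh.user = name         # rewrite PAM_USER for modules later in the stack
    # The module never decides authentication itself; unknown or refused
    # names are left untouched for the rest of the stack to judge.
    return pamh.PAM_IGNORE


def pam_sm_setcred(pamh, flags, argv):
    return pamh.PAM_IGNORE
```

As noted in the reply above, the service calling PAM still has to cope with the changed PAM_USER, and getpwnam must return the same canonical form for the rewritten name.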




