Can I set the user to authenticate as?

Dylan Martin Dylan.Martin at seattlecolleges.edu
Tue Jan 8 18:25:06 UTC 2013


I'm sorry, I must have failed to explain myself well.  (Sadly a normal
occurrence).

getpwnam should return the name the user typed into the login prompt.
The other name is only used by PAM when interacting with the
authentication source, in this case, an IMAP server.

Example:
Web account = geology
IMAP account = jdoe

The user types in 'geology' at the login prompt and they type in the
password to their imap account.  My weird module looks up geology in a
table and finds 'jdoe' or whatever.  My module somehow tells the next
module, pam_imap to use 'jdoe' instead of 'geology'.  Then, somehow,
PAM uses 'geology' for session and so forth.

On Tue, Jan 8, 2013 at 9:16 AM, Martin <inkubus at interalpha.co.uk> wrote:
> On Tue, 2013-01-08 at 12:00 -0500, pam-list-request at redhat.com wrote:
>> On Fri, 4 Jan 2013 16:13:27 -0800
>> Dylan Martin <dmartin at seattlecentral.edu> wrote:
>>
>> > With pam's flow-through-the-stack nature, I thought there might be a
>> > module that would change the user name for authentication purposes.
>>
>> Theoretically this is possible. However some services do break under
>> these conditions if the username changes. For example OpenSSH has a
>> problem with this. The main exception is, if characters are turned
>> upper- or lowercase.
>>
>> Some time ago I did write a PAM module that indeed alters the
>> username.
>> You can find the source code here:
>> https://github.com/datenwolf/pam_propperpwnam
>>
>> From the README:
>>
>> |pam_propperpwnam
>> |
>> |A PAM module that uses the entered login name as key to
>> |query the password database configured through nsswitch.conf
>> |and replaces the login name with what has been returned.
>> |
>> |On the typical system this module performs an identity transform.
>> |The main usage scenario are systems in networks where a user name
>> |is used in several distinct authentication systems, some of them
>> |being case sensitive and others not. For example the mail system
>> |may do case insensitive username lookups, while the workstations
>> |are case sensitive. In such environments users are often puzzled
>> |about a username working in one situation does not work in another.
>>
>> There's a pam_python module, that allows you to write PAM modules with
>> Python. This is great for experimentation, I suggest you experiment
>> with this.
>>
>> But keep in mind that some things will break if you alter the login
>> name; technically those things are broken and should be fixed. Good
>> luck with filing bugs.
>>
>
> You may also have to create an NSS module that performs the same
> translation / canonicalisation so that user information functions
> (getpwnam et al.) work as expected.
>
> Cheers,
>  - Martin
>
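
The flow discussed in this thread, written for the pam_python module mentioned above, as an added example that is not part of the original messages or of any project named in them. The script name and path, the stack lines, the alias table and the environment key are assumptions; it swaps PAM_USER to the IMAP account before pam_imap runs and puts the typed name back afterwards.

```python
# pam_auth_alias.py: hypothetical pam_python script (added example).
# Assumed stack order (file name and path are illustrative):
#   auth required pam_python.so /lib/security/pam_auth_alias.py map
#   auth required pam_imap.so
#   auth required pam_python.so /lib/security/pam_auth_alias.py restore

# Constructed table: name typed at the login prompt -> IMAP account.
ALIASES = {"geology": "jdoe"}

# PAM environment key that carries the typed name across modules.
STASH = "AUTH_ALIAS_LOGIN"


def pam_sm_authenticate(pamh, flags, argv):
    # argv[0] is the script path; argv[1] selects the role.
    role = argv[1] if len(argv) > 1 else ""

    if role == "map":
        login = pamh.get_user(None)
        backend = ALIASES.get(login)
        if backend is None:
            # Fail closed: an unmapped name never reaches the backend.
            return pamh.PAM_USER_UNKNOWN
        pamh.env[STASH] = login   # remember what the user typed
        pamh.user = backend       # pam_imap now authenticates 'jdoe'
        return pamh.PAM_SUCCESS

    if role == "restore":
        try:
            login = pamh.env[STASH]
        except KeyError:
            return pamh.PAM_AUTH_ERR  # the map step did not run
        del pamh.env[STASH]       # keep it out of the session env
        pamh.user = login         # later modules see 'geology' again
        return pamh.PAM_SUCCESS

    return pamh.PAM_SERVICE_ERR   # misconfigured stack line


def pam_sm_setcred(pamh, flags, argv):
    return pamh.PAM_SUCCESS
```

Because every line is `required`, the restore step still runs after a failed IMAP check, so PAM_USER does not stay set to the IMAP account.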
