aboutsummaryrefslogtreecommitdiff
pam_propperpwnam

A PAM module that uses the entered login name as key to
query the password database configured through nsswitch.conf
and replaces the login name with what has been returned.

On the typical system this module performs an identity transform.
The main usage scenario are systems in networks where a user name
is used in several distinct authentication systems, some of them
being case sensitive and others not. For example the mail system
may do case insensitive username lookups, while the workstations
are case sensitive. In such environments users are often puzzeled
about a username working in one situation does not work in another.

Actually this module has been written for this very reason.

CONFIGURATION

pam_propperpwnam.so needs no configuration except adding it as "optional"
early in in the list of PAM modules executed for user authentication.
A good place in most distributions is /etc/pam.d/common-auth

Example configuration, authentication with rewritten username against
Kerberos5 infrastructure:

	auth [success=done new_authtok_reqd=done default=ignore] pam_unix.so
	auth optional pam_propperpwnam.so
	auth required pam_krb5.so use_first_pass forwardable
	auth required pam_permit.so
	auth optional pam_group.so

BUGS AND ISSUES

Probably there are some, but they are not known yet.

AUTHOR

Wolfgang Draxinger, Wolfgang.Draxinger@physik.uni-muenchen.de