From b6a7c95c22f95f1dbfe8a2ed8cd331fbd26c4008 Mon Sep 17 00:00:00 2001 From: Wolfgang Draxinger Date: Thu, 9 Jun 2011 17:08:08 +0200 Subject: README written --- README | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 README (limited to 'README') diff --git a/README b/README new file mode 100644 index 0000000..25531b8 --- /dev/null +++ b/README @@ -0,0 +1,38 @@ +pam_propperpwnam + +A PAM module that uses the entered login name as key to +query the password database configured through nsswitch.conf +and replaces the login name with what has been returned. + +On the typical system this module performs an identity transform. +The main usage scenario are systems in networks where a user name +is used in several distinct authentication systems, some of them +being case sensitive and others not. For example the main system +may do case insensitive username lookups, while the workstations +are case sensitive. In such environments users are often puzzeled +about a username working in one situation does not work in another. +Actually this module has been written for this very reason. + +CONFIGURATION + +pam_propperpwnam.so needs no configuration except adding it as "optional" +early in in the list of PAM modules executed for user authentication. +A good place in most distributions is /etc/pam.d/common-auth + +Example configuration, authentication with rewritten username against +Kerberos5 infrastructure: + + auth [success=done new_authtok_reqd=done default=ignore] pam_unix.so + auth optional pam_propperpwnam.so + auth required pam_krb5.so use_first_pass forwardable + auth required pam_permit.so + auth optional pam_group.so + +BUGS AND ISSUES + +Probably there are some, but they are not known yet. + +AUTHOR + +Wolfgang Draxinger, Wolfgang.Draxinger@physik.uni-muenchen.de + -- cgit v1.2.3