blob: 53eed0415ad4c19064fe55fbb8467018d35ccf21 (plain
A PAM module that uses the entered login name as key to
query the password database configured through nsswitch.conf
and replaces the login name with what has been returned.
On the typical system this module performs an identity transform.
The main usage scenario are systems in networks where a user name
is used in several distinct authentication systems, some of them
being case sensitive and others not. For example the mail system
may do case insensitive username lookups, while the workstations
are case sensitive. In such environments users are often puzzeled
about a username working in one situation does not work in another.
Actually this module has been written for this very reason.
pam_propperpwnam.so needs no configuration except adding it as "optional"
early in in the list of PAM modules executed for user authentication.
A good place in most distributions is /etc/pam.d/common-auth
Example configuration, authentication with rewritten username against
auth [success=done new_authtok_reqd=done default=ignore] pam_unix.so
auth optional pam_propperpwnam.so
auth required pam_krb5.so use_first_pass forwardable
auth required pam_permit.so
auth optional pam_group.so
BUGS AND ISSUES
Probably there are some, but they are not known yet.
Wolfgang Draxinger, Wolfgang.Draxinger@physik.uni-muenchen.de