Date: Mon, 31 Mar 2003 02:45:17 +0200
From: des@ofug.org (Dag-Erling Smørgrav)
To: "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc: omestre@freeshell.org
Subject: Re: pam_ldap...
Message-ID: <xzpr88ogy8y.fsf@flood.ping.uio.no>
In-Reply-To: <20030326150152.GG33671@madman.celabo.org> ("Jacques A. Vidrine"'s message of "Wed, 26 Mar 2003 09:01:52 -0600")
References: <20030326124420.388DE10160@ws-tor-0004.procergs> <20030326150152.GG33671@madman.celabo.org>

"Jacques A. Vidrine" <nectar@FreeBSD.org> writes:
> The part you are missing is that before you can authenticate, you must
> have account and authorization information. For UNIX services, this
> means that e.g. getpwnam() needs to find you.

Nope - you don't need a struct passwd to call pam_authenticate(), and
PAM supports the idea of a "template user" which is used to obtain a
struct passwd for users that are authenticated through other means.
PAM applications are supposed to call pam_get_user() once the user has
been successfully authenticated to get the name of the template user.
I think most PAM applications in the base system fail to do this.

DES
-- 
Dag-Erling Smørgrav - des@ofug.org