Date:      Mon, 31 Mar 2003 02:45:17 +0200
From:      des@ofug.org (Dag-Erling Smørgrav)
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        omestre@freeshell.org
Subject:   Re: pam_ldap...
Message-ID:  <xzpr88ogy8y.fsf@flood.ping.uio.no>
In-Reply-To: <20030326150152.GG33671@madman.celabo.org> ("Jacques A. Vidrine"'s message of "Wed, 26 Mar 2003 09:01:52 -0600")
References:  <20030326124420.388DE10160@ws-tor-0004.procergs> <20030326150152.GG33671@madman.celabo.org>

"Jacques A. Vidrine" <nectar@FreeBSD.org> writes:
> The part you are missing is that before you can authenticate, you must
> have account and authorization information.  For UNIX services, this
> means that e.g. getpwnam() needs to find you.

Nope - you don't need a struct passwd to call pam_authenticate(), and
PAM supports the idea of a "template user" which is used to obtain a
struct passwd for users that are authenticated through other means.
PAM applications are supposed to call pam_get_user() once the user has
been successfully authenticated to get the name of the template user.
I think most PAM applications in the base system fail to do this.

DES
-- 
Dag-Erling Smørgrav - des@ofug.org
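
The call order discussed in this message, as an added example that is not part of the original e-mail or of any FreeBSD code. It contrasts an application that looks the typed name up before authenticating with one that authenticates first and then re-reads the user name. Assumptions: the PAM calls are replaced by simplified stand-ins (struct pam_session, lookup) so the sequence runs without libpam, and the users "alice" and "ldapuser" are constructed sample data.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for a PAM handle (assumption, not the libpam API): "user" plays
 * the role of the name pam_get_user() returns, "authenticate" the role of
 * pam_authenticate(). */
struct pam_session {
    const char *user;
    int (*authenticate)(struct pam_session *);   /* 0 on success */
};
struct account { const char *name; int uid; };   /* reduced struct passwd */

/* Constructed local account database: only the template user exists locally. */
static const struct account local_db[] = { { "ldapuser", 5000 } };

static const struct account *lookup(const char *name) {  /* getpwnam() stand-in */
    for (size_t i = 0; i < sizeof local_db / sizeof local_db[0]; i++)
        if (strcmp(local_db[i].name, name) == 0) return &local_db[i];
    return NULL;
}

/* Constructed module behaviour: accepts "alice" from a remote directory and
 * rewrites the session user to the template user; rejects everyone else. */
static int remote_auth(struct pam_session *s) {
    if (strcmp(s->user, "alice") != 0) return 1;
    s->user = "ldapuser";
    return 0;
}

/* Account lookup on the typed name before authentication. */
const struct account *login_lookup_first(struct pam_session *s) {
    const struct account *a = lookup(s->user);
    if (a == NULL) return NULL;   /* remote-only users never reach authentication */
    return s->authenticate(s) == 0 ? a : NULL;
}

/* Authenticate first, then re-read the user name and look that up. */
const struct account *login_auth_first(struct pam_session *s) {
    if (s->authenticate(s) != 0) return NULL;   /* no account lookup on failure */
    return lookup(s->user);                     /* may now name the template user */
}

int main(void) {
    struct pam_session s = { "alice", remote_auth };
    const struct account *a = login_auth_first(&s);
    return (a != NULL && a->uid == 5000) ? 0 : 1;
}
```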