pam_ldap...

[Dag-ErlingSmørgrav]

"Jacques A. Vidrine" <nectar at FreeBSD.org> writes:
> The part you are missing is that before you can authenticate, you must
> have account and authorization information.  For UNIX services, this
> means that e.g. getpwnam() needs to find you.

Nope - you don't need a struct passwd to call pam_authenticate(), and
PAM supports the idea of a "template user" which is used to obtain a
struct passwd for users that are authenticated through other means.
PAM applications are supposed to call pam_get_user() once the user has
been successfully authenticated to get the name of the template user.
I think most PAM applications in the base system fail to do this.

DES
-- 
Dag-Erling Smørgrav - des at ofug.org