pam_ldap...
Dag-ErlingSmørgrav
des at ofug.org
Sun Mar 30 16:45:22 PST 2003
"Jacques A. Vidrine" <nectar at FreeBSD.org> writes:
> The part you are missing is that before you can authenticate, you must
> have account and authorization information. For UNIX services, this
> means that e.g. getpwnam() needs to find you.
Nope - you don't need a struct passwd to call pam_authenticate(), and
PAM supports the idea of a "template user" which is used to obtain a
struct passwd for users that are authenticated through other means.
PAM applications are supposed to call pam_get_user() once the user has
been successfully authenticated to get the name of the template user.
I think most PAM applications in the base system fail to do this.
DES
--
Dag-Erling Smørgrav - des at ofug.org
More information about the freebsd-hackers
mailing list