PAM and NT'ed Linux ..

[Luke Kenneth Casson Leighton]

On Thu, 30 Apr 1998, Andrew Morgan wrote:

> Luke Kenneth Casson Leighton writes:
> > On Thu, 30 Apr 1998, Dave Airlie wrote:
> > > I have seen your posting about there being a problem with Linux becoming
> > > NT'ed, due to the incompleteness of PAM,
> > > 
> > > I am just wondering how much work it would be to allow
> > > 
> > > DOMAIN\USERNAME as a username for most programs and then have the PAM
> > > module get this string and work it out from there ....
> > 
> > funnily enough i've been thinking EXACTLY the same thing for a few days!!!
> > 
> > > I might play around with this idea with pam_smb later on today to see ...
> > > 
> > > Does anyone on the pam_list have any reason why a username of that type
> > > might cause problems ?
> > 
> > it might have to be turned into a real user, but that can be done by
> > modifying the PAM_USER_DATA (or whatever) data field.  does anyone on the
> > pam_list have any problem / issue with _that_, and in particular, will it
> > cause problems for applications?
> 
> I probably would have some comments and suggestions, I just do not
> understand what you are talking about!  Please could you elaborate?
> Are you trying to make a module that will plug into login, for
> example?  If so, what would I as an applicant user see in the way of
> prompts and what would login need to support in order to work?

based on pam_unix, it would be identical to the login / logout system, but
would potentially _change_ the username that the user actually logged in
as.

e.g from \\DOMAIN\lkcl to lkcl_dom (or just to guest or nobody)
e.g from Administrator to root

such that you do

Linux 2.0.30

regent login: Administrator
Password: .....

Last Login: some_time_ago
bash% whoami
root
bash%