PAM and NT'ed Linux ..

Luke Kenneth Casson Leighton lkcl at regent.push.net
Fri May 1 14:48:31 GMT 1998


> The pam notion of who is being authenticated is contained in the
> PAM_USER item.  How this item is filled is something a module has a
> lot of control over.  The default is for the application to supply
> this value when you call pam_start, or for a module to make use of the
> PAM_PROMPT item and call pam_get_user().  Alternatively, if your
> module wants to explicitly prompt for:
> 
> 	login: me
> 	domain [default=here]: there

oo!  excellent idea!

> 	password: XXXX
> 
> and then translate the me/there combination into a local (UNIX)
> username with the appropriate credentials, it can.  All it does is
> pam_set_item(..PAM_USER...) with the appropriate UNIX username.  It

that's exactly what we needed to know.

> With "correctly" PAMified applications, this will likely "just work".
> You may have problems with things like ftpd and popd whose protocols
> are so restrictive that they don't support arbitrary user prompting...

then would the username format of \DOMAIN\user (or DOMAIN/user) suffice in
this instance?  are you saying that arbitrary user prompting means "give
me a username and a password and nothing else"?
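
Added example, not part of the original message and not code from PAM or Samba: one way a module could accept the single-field \DOMAIN\user or DOMAIN/user form discussed above and translate it to a local UNIX name before calling pam_set_item() with PAM_USER. The function resolve_login, the MAP table, the character policy and the "there_me" account name are all hypothetical; unknown pairs are refused rather than falling back to the bare user name.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample map: (domain, user) -> local UNIX account. */
static const char *const MAP[][3] = {
    { "here",  "me", "me"       },
    { "there", "me", "there_me" },
};

/* Assumed policy: each name part is 1..32 chars from [A-Za-z0-9_.-]. */
static int part_ok(const char *s, size_t n)
{
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_' && s[i] != '.' && s[i] != '-')
            return 0;
    return 1;
}

/* Accepts "\DOMAIN\user", "DOMAIN\user", "DOMAIN/user" or bare "user" (which
 * gets def_domain). Returns the local account, or NULL to refuse the login. */
const char *resolve_login(const char *in, const char *def_domain)
{
    int lead = (*in == '\\');                 /* optional leading backslash */
    const char *dom = in + lead, *sep = strpbrk(dom, "\\/"), *usr;
    size_t dlen;
    if (!sep && lead) return NULL;            /* "\name" with no user part */
    if (sep) {
        dlen = (size_t)(sep - dom);
        usr = sep + 1;
    } else {                                  /* bare user: default domain */
        usr = dom;
        dom = def_domain;
        dlen = strlen(dom);
    }
    if (!part_ok(dom, dlen) || !part_ok(usr, strlen(usr))) return NULL;
    for (size_t i = 0; i < sizeof MAP / sizeof MAP[0]; i++)
        if (strlen(MAP[i][0]) == dlen && strncasecmp(MAP[i][0], dom, dlen) == 0 &&
            strcmp(MAP[i][1], usr) == 0)
            return MAP[i][2];   /* a module would pam_set_item(PAM_USER) this */
    return NULL;                /* unknown pair: never fall back to usr */
}

int main(void)
{
    const char *r = resolve_login("THERE/me", "here");  /* constructed input */
    return puts(r ? r : "(refused)") == EOF;
}
```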


