PAM and NT'ed Linux ..
Luke Kenneth Casson Leighton
lkcl at regent.push.net
Fri May 1 14:48:31 GMT 1998
> The pam notion of who is being authenticated is contained in the
> PAM_USER item. How this item is filled is something a module has a
> lot of control over. The default is for the application to supply
> this value when you call pam_start, or for a module to make use of the
> PAM_PROMPT item and call pam_get_user(). Alternatively, if your
> module wants to explicitly prompt for:
>
> login: me
> domain [default=here]: there
oo! excellent idea!
> password: XXXX
>
> and then translate the me/there combination into a local (UNIX)
> username with the appropriate credentials, it can. All it does is
> pam_set_item(..PAM_USER...) with the appropriate UNIX username. It
that's exactly what we needed to know.
> With "correctly" PAMified applications, this will likely "just work".
> You may have problems with things like ftpd and popd whose protocols
> are so restrictive that they don't support arbitrary user prompting...
then would the username format of \DOMAIN\user (or DOMAIN/user) suffice in
this instance? are you saying that arbitrary user prompting means "give
me a username and a password and nothing else"?
More information about the samba-ntdom
mailing list