Authenticating users from proprietary user databases

Christian Winter bitpoet at linux-config.de
Sat Oct 17 17:50:43 EST 2009


Yaniv Aknin wrote:
[using pam to authenticate 'virtual' users]
> Uhm, I'm not sure how that would work. I think because my users don't
> "exist" in the sense the getpwnam et al won't work on them, I must either
> override getpwnam or write an NSS module. Otherwise, how would sshd know
> (for example) what's the UID of user foo when foo tries to log in? (same
> goes for homedir, gid, etc).
>
> Anyway, I'm already doing pretty well with LD_PRELOAD, I think I'll have a
> working solution rather soon, and it wasn't even half as hard as I feared,
> too.
>   
I just want to point out that something similar to your problem
has already been approached using pam and its possiblity to
override PAM_USER and map it to another built-in account, so maybe
you can find something helpful there:
https://bugzilla.mindrot.org/show_bug.cgi?id=1215

-Chris


More information about the openssh-unix-dev mailing list