Does portable OpenSSH support PAM_USER change?

John Olsson M john.m.olsson at
Fri Apr 10 19:18:45 AEST 2015


A simple question with perhaps a not so simple answer. :)

Does portable OpenSSH support that a PAM module changes the user during 

That is, what we would like to achieve is that if user "foo" stored in 
an AA server like LDAP provides correct credentials (username + 
password) that user should end up in a shell process running as local 
user "bar" instead (and not be able to escape out to a process running 
as "foo").

Or is PAM the wrong tool for this? Should this be done using NSS instead?


More information about the openssh-unix-dev mailing list