Does portable OpenSSH support PAM_USER change?

John Olsson M john.m.olsson at ericsson.com
Fri Apr 10 19:18:45 AEST 2015


Hi,

A simple question with perhaps a not so simple answer. :)

Does portable OpenSSH support that a PAM module changes the user during 
login?

That is, what we would like to achieve is that if user "foo" stored in 
an AA server like LDAP provides correct credentials (username + 
password) that user should end up in a shell process running as local 
user "bar" instead (and not be able to escape out to a process running 
as "foo").

Or is PAM the wrong tool for this? Should this be done using NSS instead?


/John



More information about the openssh-unix-dev mailing list