Does portable OpenSSH support PAM_USER change?
John Olsson M
john.m.olsson at ericsson.com
Fri Apr 10 19:18:45 AEST 2015
Hi,
A simple question with perhaps a not so simple answer. :)
Does portable OpenSSH support that a PAM module changes the user during
login?
That is, what we would like to achieve is that if user "foo" stored in
an AA server like LDAP provides correct credentials (username +
password) that user should end up in a shell process running as local
user "bar" instead (and not be able to escape out to a process running
as "foo").
Or is PAM the wrong tool for this? Should this be done using NSS instead?
/John
More information about the openssh-unix-dev
mailing list