[plug] PAM and authorization identifiers
Craig Ringer
craig at postnewspapers.com.au
Tue Nov 11 15:01:33 WST 2003
Hi folks
I was wondering if anybody knows if PAM can handle logins where
authentication ID != authorization ID. I'd like to be able to
authenticate as 'root' to log in as any user, removing the need to know
or change that user's password. 'su' and ssh keys work OK, but it's
annoying when I want access to a user's full login session to look into
a problem.
Many other things - like the Cyrus IMAP daemon - support this, so I was
hoping PAM might.
I'm running RH8, and authenticating users over LDAP with pam_ldap if
that's of any use.
My current solution is to become the target user (sudo su - $USERNAME)
then `startx -- /usr/X11/bin/Xnest :1`. I would find it very useful to
be able to use PAM to authorize and authenticate separately, though -
for example, to give the sales supervisor the ability to log in as
anybody in group 'sales'.
Craig Ringer
_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
More information about the plug
mailing list