Re: [gdm-list] Authentication fake.



Hello,

> I'm playing with gdm and authentication and I would like to do this:
>
> Anyone who tries to authenticate in gdm is trusted for me, so I want to create that
> typed user and pass on the fly and init session.

This is actually a PAM question, and has nothing to do with
GDM; I'd suggest contacting PAM developers instead.

The Linux-PAM developer site is at
	http://kernel.org/pub/linux/libs/pam/
and they have a mailing list, pam-list redhat com, with archives at
	https://listman.redhat.com/mailman/listinfo/pam-list

That said, you need a PAM module which creates the user and the user home
directory, then grants the authentication request. I don't think there
exists such a module yet, but I did not do a thorough search.

I do know there are modules which do create the home directory but not
the user -- typically these are used with an LDAP directory.

(I believe your best approach is to write a PAM module, which adds the
 users into /etc/passwd and /etc/shadow using a shared group,
 if the user does not exist yet. To create the user home directory,
 the module needs to copy /etc/skel/ to /home/username.
 None of this is too complicated, but the PAM module must be very
 careful and robust in its file handling.)

You'll need to include the module in PAM configuration for GDM.
If you are using Ubuntu, you'll need to add it to /etc/pam.d/gdm,
with something like
	auth sufficient pam_create_user.so
(if pam_create_user.so is the new PAM module),
just before the @include common-auth line.

This way users are authenticated against the existing user database.
If that does not work, the pam_create_user.so module is used.
This way the new PAM module only needs to take care of new users;
existing users use the normal mechanisms automatically.

If you need further help, you can e-mail me directly.

Cheers,
	Jouko Orava
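
Added example, not part of the original message and not code from GDM or Linux-PAM: the file-handling care the message asks for starts with treating the name typed at the login prompt as untrusted before it becomes a passwd field or a path under the home root. The helper names `name_is_safe` and `create_home` and the exact name policy are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy (an assumption; adjust to the site): [a-z_][a-z0-9_-]{0,31}.
 * Rejects ':' and '\n' (passwd field injection), '/' and ".." (escaping
 * the home root), a leading '-', and empty or over-long names. */
int name_is_safe(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len > 32)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        int ok = (c >= 'a' && c <= 'z') || c == '_' ||
                 (i > 0 && ((c >= '0' && c <= '9') || c == '-'));
        if (!ok)
            return 0;
    }
    return 1;
}

/* Create <home_root>/<name> (mode 0700 minus umask) and return an fd for
 * it, or -1 with errno set. An existing entry is an error, so a
 * pre-planted directory or symlink is never adopted. */
int create_home(const char *home_root, const char *name)
{
    if (!name_is_safe(name)) {
        errno = EINVAL;
        return -1;
    }
    int rootfd = open(home_root, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (rootfd < 0)
        return -1;
    int fd = -1;
    if (mkdirat(rootfd, name, 0700) == 0)   /* relative to rootfd only */
        fd = openat(rootfd, name,
                    O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    int saved = errno;
    close(rootfd);
    errno = saved;
    return fd;
}
```

The returned descriptor is what later steps (ownership change, copying skeleton files) should operate on with the `*at()` and `f*()` calls, rather than re-resolving the path by name.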

