Hi Sumit,
Now I'm again approaching the implementation of tlog integration in pam_sss,
and as planned, I need to get the actual user shell to put it into
TLOG_REC_SHELL environment variable upon opening of the session.
However, the get_shell_override, which does all the hops and tricks to get it,
requires nss_ctx, which belongs to NSS responder, specifically various
shell-related configuration settings
(override_shell/allowed_shells/vetoed_shells/etc_shells). I.e. essentially the
PAM responder needs to be an NSS responder to get it.
To me it seems that there is no exit but to finally put that override
machinery into a library, instead of having it directly in the NSS responder.
Am I wrong? Is there perhaps another way?
Do you have any suggestion how to best do it?
Thanks a lot!
Nick