On 08/19/2016 06:39 PM, Nikolai Kondrashov wrote:
Hi Sumit,
Now I'm again approaching the implementation of tlog integration in pam_sss, and as planned, I need to get the actual user shell to put it into TLOG_REC_SHELL environment variable upon opening of the session.
However, the get_shell_override, which does all the hops and tricks to get it, requires nss_ctx, which belongs to NSS responder, specifically various shell-related configuration settings (override_shell/allowed_shells/vetoed_shells/etc_shells). I.e. essentially the PAM responder needs to be an NSS responder to get it.
All of these seems to be just simple sssd.conf options, feel free to get them with confdb api. See nss_get_config().
To me it seems that there is no exit but to finally put that override machinery into a library, instead of having it directly in the NSS responder.
This would be awesome though :-)