Hi Sumit,
Just wanted to tell you I still need an answer to the below.
Thanks!
Nick
On 08/19/2016 07:39 PM, Nikolai Kondrashov wrote:
Now I'm again approaching the implementation of tlog integration in pam_sss, and as planned, I need to get the actual user shell to put it into TLOG_REC_SHELL environment variable upon opening of the session.
However, the get_shell_override, which does all the hops and tricks to get it, requires nss_ctx, which belongs to NSS responder, specifically various shell-related configuration settings (override_shell/allowed_shells/vetoed_shells/etc_shells). I.e. essentially the PAM responder needs to be an NSS responder to get it.
To me it seems that there is no exit but to finally put that override machinery into a library, instead of having it directly in the NSS responder.
Am I wrong? Is there perhaps another way? Do you have any suggestion how to best do it?