On 09/07/2016 01:48 PM, Pavel Březina wrote:
On 08/19/2016 06:39 PM, Nikolai Kondrashov wrote:
> Hi Sumit,
>
> Now I'm again approaching the implementation of tlog integration in
> pam_sss,
> and as planned, I need to get the actual user shell to put it into
> TLOG_REC_SHELL environment variable upon opening of the session.
>
> However, the get_shell_override, which does all the hops and tricks to
> get it,
> requires nss_ctx, which belongs to NSS responder, specifically various
> shell-related configuration settings
> (override_shell/allowed_shells/vetoed_shells/etc_shells). I.e.
> essentially the
> PAM responder needs to be an NSS responder to get it.
All of these seems to be just simple sssd.conf options, feel free to get
them with confdb api. See nss_get_config().
Well, these are not only options, but also logic that interprets them, and I
don't want to essentially copy the corresponding code from NSS responder to
PAM responder.
> To me it seems that there is no exit but to finally put that
override
> machinery into a library, instead of having it directly in the NSS
> responder.
This would be awesome though :-)
Yes, I would like that too, but I'd like to wait for Sumit's response :)
Nick