On 09/07/2016 01:48 PM, Pavel Březina wrote:
On 08/19/2016 06:39 PM, Nikolai Kondrashov wrote:
Hi Sumit,
Now I'm again approaching the implementation of tlog integration in pam_sss, and as planned, I need to get the actual user shell to put it into TLOG_REC_SHELL environment variable upon opening of the session.
However, the get_shell_override, which does all the hops and tricks to get it, requires nss_ctx, which belongs to NSS responder, specifically various shell-related configuration settings (override_shell/allowed_shells/vetoed_shells/etc_shells). I.e. essentially the PAM responder needs to be an NSS responder to get it.
All of these seems to be just simple sssd.conf options, feel free to get them with confdb api. See nss_get_config().
Well, these are not only options, but also logic that interprets them, and I don't want to essentially copy the corresponding code from NSS responder to PAM responder.
To me it seems that there is no exit but to finally put that override machinery into a library, instead of having it directly in the NSS responder.
This would be awesome though :-)
Yes, I would like that too, but I'd like to wait for Sumit's response :)
Nick