Hi Cyrus IMAPd users,

I've been having problems when I realized that there are authentication methods which are case insensitive regarding the username. Many people in non *X worlds are used to mixed case in their username when logging on to different services. I realized that most current software packages support some option to lowercase usernames, but my problem was that authenticating against PAM->LDAP simply succeeds whatever case was used for the username.

I have then looked for a way to force PAM to only authenticate lowercase usernames, but unfortunately I didn't find a simple solution and I didn't want to change the LDAP schema. Did I miss something here? I really didn't find a way to deny authentication with uppercase usernames.
So, I decided to create my own PAM plugin which simply denies access when a username contains uppercase letters. I'm using the following config as my ldap-auth stack:

    #%PAM-1.0
    # Authenticate against LDAP but only if username is lowercase
    auth     requisite  /lib/security/pam_deny_uc.so
    auth     required   /lib/security/pam_ldap.so
    account  required   /lib/security/pam_ldap.so

The plugin, including RPMs, is here:

    http://home.teleport.ch/simix/RPMS/Pam_deny_uc/

The binary RPM is built on RedHat 7.2. To rebuild on other versions, do:

    rpmbuild -tb pam_deny_uc-0.1.tar.gz

On RedHat 6.2, one must use:

    rpmbuild -tb --nodeps pam_deny_uc-0.1.tar.gz

I hope this can help some people who have problems with mixed case usernames. Feedback is always welcome.

Regards,
Simon
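
A module of the kind described in this message, as an added example that is not part of the original post and is not the pam_deny_uc source. It shows an auth hook that fails before pam_ldap runs when the username contains an ASCII uppercase letter. The function name username_is_lowercase, the BUILD_PAM_MODULE macro, the output file name and the choice to reject an empty name are assumptions of this example.

```c
/* Added sketch, not the pam_deny_uc source. Build as a PAM module with:
 *   gcc -fPIC -shared -DBUILD_PAM_MODULE -o pam_deny_uc_example.so example.c -lpam
 * The file name pam_deny_uc_example.so is hypothetical. */
#include <stddef.h>

/* Returns 1 if the name is non-empty and contains no ASCII uppercase letter.
 * Only A-Z is checked, so the result does not depend on the locale; bytes
 * >= 0x80 (for example UTF-8 multibyte sequences) are not inspected.
 * Rejecting an empty or NULL name is an assumption of this example. */
int username_is_lowercase(const char *user)
{
    if (user == NULL || *user == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)user; *p; p++) {
        if (*p >= 'A' && *p <= 'Z')
            return 0;
    }
    return 1;
}

#ifdef BUILD_PAM_MODULE
#include <security/pam_modules.h>

/* auth hook: with "requisite" in the stack, a failure here ends the stack
 * immediately, so pam_ldap never sees a mixed-case name. */
int pam_sm_authenticate(pam_handle_t *pamh, int flags,
                        int argc, const char **argv)
{
    const char *user = NULL;
    (void)flags; (void)argc; (void)argv;

    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS)
        return PAM_AUTH_ERR;
    return username_is_lowercase(user) ? PAM_SUCCESS : PAM_AUTH_ERR;
}

/* An auth module must also provide pam_sm_setcred; nothing to do here. */
int pam_sm_setcred(pam_handle_t *pamh, int flags,
                   int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return PAM_SUCCESS;
}
#endif
```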