PAM-modules Manual (split by node):   Section:   Chapter:FastBack: regex   Up: regex   FastForward: log   Contents: Table of ContentsIndex: Concept Index

4.2 Using pam_regex to alter user names.

Another common use for pam_regex is to alter user names. This mode is enabled when the transform option is used in the command line:

transform=expression

Transform the user name using given regular expression.

Its argument, expression, is a sed-like replace expression of the form: 

s/regexp/replace/[flags]

where regexp is a regular expression, replace is a replacement for each file name part that matches regexp. Both regexp and replace are described in detail in The ‘s’ Command in GNU sed.

As in sed, you can give several replace expressions, separated by a semicolon.

Supported flags are:

g

Apply the replacement to all matches to the regexp, not just the first.

i

Use case-insensitive matching

x

regexp is an extended regular expression (see Extended regular expressions in GNU sed).

number

Only replace the numberth match of the regexp.

Note: the posix standard does not specify what should happen when you mix the ‘g’ and number modifiers. Pam_regex follows the GNU sed implementation in this regard, so the interaction is defined to be: ignore matches before the numberth, and then match and replace all matches from the numberth on.

Any delimiter can be used in lieue of ‘/’, the only requirement being that it be used consistently throughout the expression. For example, the following two expressions are equivalent: 

s/one/two/
s,one,two,

Changing delimiters is often useful when the regex contains slashes. For instance, it is more convenient to write s,/,-, than s/\//-/.

The following example converts the user name to lower case and removes any suffix starting from the ‘@’ symbol: 

pam_regex.so extended transform=s/.*/\L&/g;s/@.*//

Both transform and regex can be used simultaneously. For example, the following command line first converts the user name to lower case and removes anything after the ‘@’ symbol, and then compares it to the given regular expression. Access is denied if the resulting user name matches the expression. 

pam_regex.so extended transform=s/.*/\L&/g;s/@.*// \
             regex=^(anoncvs|anonymous)$ sense=deny

PAM-modules Manual (split by node):   Section:   Chapter:FastBack: regex   Up: regex   FastForward: log   Contents: Table of ContentsIndex: Concept Index

This document was generated on August 11, 2021 using makeinfo.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.