On Unix systems, each separate user account has a unique username. Passwords, then, are not unique – every distinct user could have the same exact password.
I want to do the converse. I want one username, but I want that login name to have multiple passwords. Depending on the password, you would either be logged into a different account (with a different UID) or you would simply have a different home directory.
The goal is for two separate entities to share the same username but have their files be separate – in this case, file permissions between different UIDs are less important.
Any thoughts on how to accomplish this, or something like it? Some abuse of /etc/shadow or PAM?
Is this something that could be accomplished by writing a PAM module? (I've never written one before. Is it very, very hard?)
Best Answer
I don't believe that's possible. You could have two entries in /etc/passwd with the same user names but different UIDs, but the system would probably just ignore the second one (or misbehave in some way); arguably such an /etc/passwd file would be considered corrupt.
When you log in to the system, you're first prompted for your user name. Once you've done that, the system prompts for your password, and checks whether the entered password matches the password for the account corresponding to that user name. By the time you're entering your password, the system has already determined what account you're trying to access.
I suppose you could modify various pieces of the system to get the behavior you want, but you'd have to replace several different pieces of software, including anything that authenticates and authorizes users (console login, su, ssh, and whatever other methods are enabled). Any mistakes would likely open huge gaping security holes.
EDIT: Based on the comments, PAM is probably the way to do this. I'm not familiar enough with PAM to go into more detail. (It's still a really bad idea.)
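An audit check for the situation the answer describes, a login name that appears more than once in a passwd-format file, added here as an example and not part of the original question or answer. The sample file is constructed, the function names are hypothetical, and the report assumes a by-name lookup returns the first matching line in file order, which makes later entries with the same name unreachable at the login prompt.

```python
from collections import defaultdict

# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
shared:x:1001:1001:Entity A:/home/shared-a:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
shared:x:1003:1003:Entity B:/home/shared-b:/bin/bash
broken-line-without-fields
"""

def parse_passwd(text):
    """Return (entries, malformed_line_numbers); entries keep file order."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        # passwd(5): name:password:UID:GID:GECOS:home:shell
        if len(fields) != 7 or not fields[0] or not fields[2].isdigit():
            malformed.append(lineno)
            continue
        entries.append({"line": lineno, "name": fields[0],
                        "uid": int(fields[2]), "home": fields[5]})
    return entries, malformed

def duplicate_names(entries):
    """Map each repeated login name to (first entry, shadowed entries).

    Assumption: a by-name lookup stops at the first match, so the
    first entry is the account the password is checked against.
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[entry["name"]].append(entry)
    return {name: (group[0], group[1:])
            for name, group in by_name.items() if len(group) > 1}

if __name__ == "__main__":
    entries, malformed = parse_passwd(SAMPLE_PASSWD)
    for name, (first, shadowed) in duplicate_names(entries).items():
        print(f"duplicate login name {name!r}: resolves to UID "
              f"{first['uid']} (line {first['line']})")
        for e in shadowed:
            print(f"  shadowed: UID {e['uid']}, home {e['home']} "
                  f"(line {e['line']})")
    print("malformed lines:", malformed)
```

To audit a real system, pass the contents of /etc/passwd to parse_passwd instead of the sample.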