I would like to modify PAM such that when a person authentications, PAM tries the username exactly as given (which is how it normally works), then if there is no exact match, tries either the all lower case version, or the first case-insensitive match. I downloaded the latest PAM source, from http://www.kernel.org/pub/linux/libs...-1.0.1.tar.bz2 but I am not exactly sure, where in there, I need to start looking. I thought pam_unix was the responsible module, so I checked in modules/pam_unix/pam_unix_acct.c.

I'm guessing I'd want to manually change all usernames to the lower case spelling, then change line 190 from:
uname = void_uname;
to
uname = lcase(void_uname);

But that would really not do all I wanted because it wouldn't attempt the exact given username first, or search for any case.

Am I missing an easier solution to this? Has someone else already done it? (No, I do not have the option to mandate which capitalization user names will be given as.) I don't need a lecture on why you think usernames should be lower case, or why you think case is important. I'm asking if anyone has experience making PAM authenticate insensitive to case.

You are missing the point. There are OTHER dependencies that you are not aware of.

Its not that you can't create user names with mixed case. Its that other tools are case-preserving, case-independent. For example, sendmail.

The easiest way is to modify your adduser stuff so it lowercases the username before it creates them, then your lcase mod that you've already done will work no matter how mixed the case is that the user has decided to log in with. Many isps do this in their email and connection authentication databases because people will use all different kinds of capitalization on their namesR. Otherwise you'll have a complete explosion in the size of your search for what possible letters might be capitialized.

man 5 passwd:

Unix account names are lowercase; too many utilities depend on this. It is even built into the tty driver (man stty, seach lcase).

OK, seriously, I meant it when I said I didn't want to debate the righteousness of all lower case. My name is not billy. It is Billy. That is reality. Now I don't really care what my username is, but other people do. If it really was true that that usernames could only be lower case, then login, and any other program, shouldn't have any trouble ignoring the case of usernames it's given. However, it is quite possible to create two users with the same username, and different capitalization (or two users who's usernames differ only in case if that's how you would like to say it). I don't know of anyone who actually does this, but is possible.

Mr. C., your name is Mr. C., not mr. c.. Machines exist to improve the lives of humans, not create arbitrary constraints upon them. I do not use Unix. I use GNU/Linux. The very name declares "not Unix".

Further, my intention is not to place constraints on users, but to fix the machine so that it may respond with better exception handling when looking up a username.

The referenced man page is either incorrect, or when it used the word "should" it was speaking of the personal tastes of its author. I have used usernames before with capitalization, and experienced no trouble logging in (gdm and ttys). Perhaps that limitation corrected in the RedHat derived distributions I use. And, any debate over whether capitalization is 'good' or 'bad' or 'ok' is irrelevant. That's not the goal.

The goal is to allow a person, specifying any capitalization-only variant, and the correct password, to authenticate to their account. Once they're in, the ${USER} variable, and whoami, should show them the username as stored in /etc/passwd. I only mean to fix the authentication process to accept variance in capitalization of HUMAN PROVIDED username before/during authentication.

It sounds like the lcase() idea would be the easiest to implement still. I was hoping there was some alternate pam_unix.so that included an option for this.

The constraints are placed by system standards. You can user other authentication methods as you see fit and to suit your needs, but standard unix/linux /etc/passwd is lowercase. Game over.

If you want to develop your own version of a distribution, and change various library calls, system utilities, tty driver, etc. by all means, go right ahead. It is far more difficult that you imagine.

I created a user named IUseUpperCase, just a minute ago, logged in, and am posting this reply as that user. This is on Fedora 8 x86_64 with no extra effort my part aside from "useradd IUseUpperCase". The man page is incorrect.

I do not intend to have a user named IUseUpperCase and a user named iuseuppercase. What I want is to have just one user, and they log in using whatever capitalization they prefer.

This http://puszcza.gnu.org.ua/software/p...ules.html#SEC6 Seems to be close to what I want, but I can't figure how where to put it in /etc/pam.d/system-auth so that it does its transform before anything sees the username.

You are missing the point. There are OTHER dependencies that you are not aware of.

Its not that you can't create user names with mixed case. Its that other tools are case-preserving, case-insensitive, or case-sensitive. For example, MTAs such as sendmail or postfix:

man aliases:

That's fine. Any tools that get launched after login would get the username from ${USER} or get the UID of the person that started the process. I don't mean to change what the user's username is. I mean to change how they authenticate. How the person authenticates, to become the user. After authentication, they would be the user precisely capitalized as specified in /etc/passwd

Its not fine, and your thesis is quite simply incorrect. Other applications use standard library calls such as getpwnam() to extract information from the passwd database. And they make assumptions based upon standard practices. Thus, user "joe" will also get email sent to your different user Joe, or JOe or JoE. Case does matter, whether or not you want to believe it.

Do what you want - I'm done with this discussion.

Thanks for being done with it. It was obvious from the beginning all you wanted to do was argue semantics of username capitalization, which I explicitly stated was not welcome. My question was never about usernames themselves. Stop getting distracted. It was about AUTHENTICATION. I'll wait, and try to figure out how to make this work on my own, or with help from someone else.

I guess to re state the whole thing again. say there is a user bob, with a home directroy at /home/bob/ I need bob to be able to log in by supplying the username "iamnotbob" and the password of the user bob. There we go. A nice example without using capitalization anywhere. Now take that concept, replacing iamnotbob with bob, and extrapolate it to flexible input matching like samba does. That's what I'm trying to do.