> On July 13, 2017 at 4:27 AM Larry Rosenman <larry...@gmail.com> wrote: > > > I have a need for the following: > > Real system users in /etc/{passwd,shadow} (actually PAM on FreeBSD) wirhOUT > @domain in /etc/passwd > > Virtual Users in SQL (with full user@domain in the DB) > > > > When I have auth_username_format = %Ln I can’t auth the Virtual Users, and if > I have auth_username_format = %Lu I can’t auth System users. > > > > Is there a compromise somewhere? > >
You could try using %{original_username} in SQL. Or you can try removing the auth_username_format and instead passdb { driver = sql args = ... } passdb { driver = static args = user=%Ln noauthenticate # you can remove next line if you want to always normalize your usernames skip = authenticated } passdb { driver = pam args = ... skip = authenticated } Aki