I would like a way (PAM module?) to authenticate local Unix users by adding @domain.tld to the username and trying that with the password against an IMAP server. This way we could allow authentication to our Unix boxes for people who have email addresses with our Google Apps account. If a user did not exist locally on the box (that is, adduser had never been called), I would like for the user to be created (maybe using libpam-mklocaluser?).
Is there any way to do this?
No personal experience with this, but it appears that someone else has gone down this path before. It looks like pam_imap supports the authentication piece, but you'll probably have to roll your own functionality to create a local user account if it doesn't already exist.
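One way to roll the authentication piece yourself, as an added example that is not from either poster and does not use pam_imap: a helper for pam_exec (`auth required pam_exec.so expose_authtok /path/to/helper`), which passes the username in `PAM_USER` and the password on stdin. `IMAP_HOST`, the username pattern and the deny-list are assumptions; the helper only authenticates, so any account creation would run after it succeeds.

```python
#!/usr/bin/env python3
"""pam_exec helper: check PAM_USER plus the stdin password against an IMAP server."""
import imaplib
import os
import re
import ssl
import sys

DOMAIN = "domain.tld"            # placeholder domain from the question
IMAP_HOST = "imap.example.com"   # assumed host; replace with your provider's
# Assumed policy: plain local names only, so "user@other.tld" or quotes are refused.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
DENYLIST = {"root", "daemon", "bin", "sys", "nobody"}  # never map these to a mailbox


def imap_identity(local_user, domain=DOMAIN):
    """Return user@domain, or None if the name must not be authenticated remotely."""
    if not USERNAME_RE.match(local_user) or local_user in DENYLIST:
        return None
    return f"{local_user}@{domain}"


def connect_tls(host):
    """Open IMAPS with certificate and hostname verification enabled."""
    return imaplib.IMAP4_SSL(host, 993, ssl_context=ssl.create_default_context())


def authenticate(local_user, password, connect=connect_tls, host=IMAP_HOST):
    """True only if the IMAP server accepts user@domain with this password."""
    identity = imap_identity(local_user)
    # Refuse empty passwords and CR/LF, which have no place in a LOGIN command line.
    if identity is None or not password or "\r" in password or "\n" in password:
        return False
    try:
        conn = connect(host)
        try:
            conn.login(identity, password)  # raises IMAP4.error on bad credentials
        finally:
            conn.logout()
    except (imaplib.IMAP4.error, OSError):
        return False                        # fail closed on protocol or network errors
    return True


if __name__ == "__main__":
    # Strip a trailing NUL or newline if the caller appended one to the password.
    pw = sys.stdin.buffer.read().rstrip(b"\0\n").decode("utf-8", "replace")
    sys.exit(0 if authenticate(os.environ.get("PAM_USER", ""), pw) else 1)
```

The deny-list matters because, without it, whoever controls the `root@domain.tld` mailbox could log in as local root.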