Is it possible to recreate the functionality of pam_userdb.so to make an application authenticate virtual users (valid for one specific service only) on Solaris?
Situation is: higher-ups have dictated that we use a file distribution tool that only supports password-based authentication, and transfers passwords in the clear. Because of the amount of data that will be transferred, using SSL tunnels is impractical.
The application is PAM-aware so we can configure a special authentication stack for it. On our Linux servers, we configure pam_userdb to use a separate passwd database so no one can use the password to log in directly:
someapp auth sufficient pam_userdb.so db=/etc/someapp-passwd try_first_pass
There seems to be no equivalent on Solaris.
You could use PAM in Solaris, but my experience so far has been of pure pain. It wouldn't be a bad idea in your case to just use Kerberos or YP-based auth, so you can also share a common user database between those servers to keep things in line.
Are you just trying to allow authentication but not allow a shell login? You can do that by changing the user's shell to something that just kicks them back off. You can also log the attempt to make sure no one is trying to abuse the account.
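The login-blocking shell suggested in the reply above, sketched as an added example that is not part of the original thread. The script name `deny-shell` and the syslog tag `someapp-deny` are assumptions; it logs who tried to get a shell, from where, and whether a remote command was requested, then exits.

```shell
#!/bin/sh
# Added example: login shell for a service-only account.
# "deny-shell" and the tag "someapp-deny" are assumed names.

# Where the session came from: sshd exports SSH_CONNECTION as
# "client_ip client_port server_ip server_port"; otherwise assume local.
origin() {
    if [ -n "${SSH_CONNECTION:-}" ]; then
        printf '%s' "${SSH_CONNECTION%% *}"
    else
        printf 'local'
    fi
}

# Drop non-printable bytes so a crafted remote command cannot inject
# extra lines into the log.
sanitize() {
    printf '%s' "$1" | tr -cd '[:print:]'
}

# Build the log line. sshd runs "<shell> -c <command>" for remote
# commands, so "-c" as the first argument means a command was requested.
build_msg() {
    user=$1; shift
    if [ "${1:-}" = "-c" ] && [ $# -ge 2 ]; then
        what="command=\"$(sanitize "$2")\""
    else
        what="interactive"
    fi
    printf 'denied shell for user=%s from=%s %s' "$user" "$(origin)" "$what"
}

main() {
    user=$(id -un 2>/dev/null || echo "${LOGNAME:-unknown}")
    logger -p auth.notice -t someapp-deny "$(build_msg "$user" "$@")"
    echo "This account is not available for login." >&2
    exit 1
}

# Act only when installed under the expected name, so the functions
# above can be loaded and exercised on their own.
case "$0" in
    *deny-shell) main "$@" ;;
esac
```

Set it as the account's shell in /etc/passwd. It only stops sessions that start the account's shell; a service that checks the password without running the shell will still accept it.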
Have you tried taking the pam_userdb source for the module you use on Linux and building it on Solaris? The whole point of PAM is to allow you to plug in additional modules, including ones that aren't provided with the system.