Another AMGH update regarding usernames which can't be overridden
By bobd on Mar 09, 2007
Due to popular demand, I just added this section to the "AMGH HOW-TO Guide":
An unsupported way to make the "username" non-overridable
usernamereturned by the API can be overridden by the Display Manager (e.g. dtlogin's "Start Over" button). Some customers would like this setting to be a sort of "security" feature that cannot be overridden by the user, rather than a "convenience" feature as it exists today. In future, we may add such a feature to the product. There is an unsupported way to deal with this today, however for non-NSCM logins. You can edit /etc/pam.conf and remove the clearuser option from the pam_sunray_amgh.so module. This is not officially supported because it has not been tested by our Quality Assurance team but it has been known to work for some customers. There is no similar recourse for NSCM logins today - the "Start Over" button will clear the preset login name returned by AMGH.