I have rootless Podman container (system: Alpine Linux) in Podman (master system: Alpine Linux). Container is able to work with xRDP (and sesman) so I am able to connect to it via local user (if defined). I would like to authorize user even if no account already defined on container system. I would like to write custom PAM module with checking external service data via OAuth2 or REST API requests. Unfortunately I am not able to get password user typed in xRDP login form.
My current questions:
- I have a plan to prepare sh script for this operation. Does it is possible in general?
- I would like to keep xRDP login form so I don't have an access to web browser at time of login so external service cannot be activated before login form. I believe I can work with REST API of service also (but need token or user name - password pair).
- Do I have any chance to get password from xrdp login dialog or really not due to PAM architecture?
- Does PAM module is the only way here in Linux how to authorize+authenticate users for Alpine Linux (or in general for any Linux)?
Thanks for help.
