Example:
{auth_method, [pam]}.
{pam_service, "ejabberd"}.
diff --git a/doc/guide.tex b/doc/guide.tex
index bef001c32..44e8a3af8 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -1298,6 +1298,10 @@ Options:
\titem{\{pam\_service, Name\}}\ind{options!pam\_service}This option defines the PAM service name.
Default is \term{"ejabberd"}. Refer to the PAM documentation of your operation system
for more information.
+\titem{\{pam\_userinfotype, username|jid\}}\ind{options!pam\_userinfotype}
+This option defines what type of information about the user ejabberd
+provides to the PAM service: only the username, or the user JID.
+Default is \term{username}.
\end{description}
Example:
diff --git a/src/ejabberd_auth_pam.erl b/src/ejabberd_auth_pam.erl
index aff0a226b..b99c7cbd3 100644
--- a/src/ejabberd_auth_pam.erl
+++ b/src/ejabberd_auth_pam.erl
@@ -60,7 +60,11 @@ check_password(User, Server, Password, _Digest, _DigestGen) ->
check_password(User, Host, Password) ->
Service = get_pam_service(Host),
- case catch epam:authenticate(Service, User, Password) of
+ UserInfo = case get_pam_userinfotype(Host) of
+ username -> User;
+ jid -> User++"@"++Host
+ end,
+ case catch epam:authenticate(Service, UserInfo, Password) of
true -> true;
_ -> false
end.
@@ -84,7 +88,11 @@ get_password_s(_User, _Server) ->
%% TODO: Improve this function to return an error instead of 'false' when connection to PAM failed
is_user_exists(User, Host) ->
Service = get_pam_service(Host),
- case catch epam:acct_mgmt(Service, User) of
+ UserInfo = case get_pam_userinfotype(Host) of
+ username -> User;
+ jid -> User++"@"++Host
+ end,
+ case catch epam:acct_mgmt(Service, UserInfo) of
true -> true;
_ -> false
end.
@@ -106,3 +114,8 @@ get_pam_service(Host) ->
undefined -> "ejabberd";
Service -> Service
end.
+get_pam_userinfotype(Host) ->
+ case ejabberd_config:get_local_option({pam_userinfotype, Host}) of
+ undefined -> username;
+ Type -> Type
+ end.