How to tell SSH to setuid after PAM and not before to remap users
I ended up changing the shell for the user to a setuid wrapper that drop privileges to the intended user.
Code is here: https://github.com/kuon/radius-auth-virtual
I ended up changing the shell for the user to a setuid wrapper that drop privileges to the intended user.
Code is here: https://github.com/kuon/radius-auth-virtual