with pam_script: use PAM_AUTHTOK within /etc/security/onauth to assign
the password of the user doing a (ssh) login to the variable NWpassword
and then using nwlogin with the option --passenv.
Then in /etc/security/onsessionopen the eDirectory login scripts are
called with nwrunscripts.
The problem I have to make this work is that pam_script runs in the
context of root. That is after doing a ssh login as an eDirectory user
effectively root is logged in to the tree and all mapped drives are
owned by root rather than by the user. I did some tests with "su -"
within the scripts but this easily creates a loop as su itself calls
pam_script. So I wonder how to make this work.