Business
/
BizApps-PAM-Module
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A simple PAM authentication module for authenticating Linux users against the AccountHub API.
15 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
BizApps-PAM-Module
Skylar Ittner 07e2b4dbc8 Update readme 4 months ago
debian Add sample scripts and .deb builder 4 months ago
pam-configs Add sample scripts and .deb builder 4 months ago
LICENSE.txt added first version files 5 years ago
README.md Update readme 4 months ago
builddeb.sh Add sample scripts and .deb builder 4 months ago
pam_netsyms.py Changes 4 months ago

README.md

PAM for Business Apps

This is a simple project with the goal of allowing Linux PAM authentication using the AccountHub API. Use at your own risk.

Installation

Since working with PAM can lead to problems in authentication, keep a shell with root access open while experimenting.

Install the package libpam-python:

sudo apt install libpam-python

Edit pam_netsyms.py and supply the Portal API URL and a valid API key.

Copy the provided pam_netsyms.py to /lib/security:

sudo cp pam_netsyms.py /lib/security

Packages

You can install this project on Ubuntu/Debian-based systems. Simply add this repository and install netsyms-pam-auth. You will be asked for a Business Apps server URL and API key during the install process.

Install

Make a file /usr/share/pam-configs/netsyms with the following content:

Name: Netsyms Business Apps authentication
Default: no
Priority: 256
Auth-Type: Primary
Auth:
    [success=end default=ignore]    pam_python.so pam_netsyms.py

Run sudo pam-auth-update and enable it

Manual Install

Make a backup of the file /etc/pam.d/common-auth:

sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original

Edit the file /etc/pam.d/common-auth introducing a line in which you declare your custom authentication method. It should be something like this:

auth  [success=2 default=ignore] pam_python.so pam_netsyms.py

and should be put just before (or after, according to your needs) the other authentication methods.

Some explanations:

  1. "success=2" means that the next two lines should be skipped in case of success (edit as needed)

  2. "pam_python.so" is the name of the shared object that will be called by pam

  3. "pam_netsyms.py" is the script in python that we provide

Sample /etc/pam.d/common-auth

This config file will gather the username and password and attempt a normal login. If that fails, PAM will try to process the login via this module.

auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_python.so pam_netsyms.py
session required                        pam_mkhomedir.so skel=/etc/skel/ umask=0022
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so