|Skylar Ittner e6d3c66d4a s/portal/accounthub||1 month ago|
|LICENSE.txt||4 years ago|
|README.md||1 month ago|
|pam_custom.py||1 month ago|
This is a simple project with the goal of allowing Linux PAM authentication using the AccountHub API. Use at your own risk.
Since working with PAM can lead to problems in authentication, keep a shell with root access open while experimenting.
Install the package libpam-python:
sudo apt-get install libpam-python
pam_custom.py and supply the Portal API URL and a valid API key.
Copy the provided
sudo cp pam_custom.py /lib/security
Make a backup of the file
sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original
Edit the file
/etc/pam.d/common-auth introducing a line in which you
declare your custom authentication method. It should be something like
auth [success=2 default=ignore] pam_python.so pam_custom.py
and should be put just before (or after, according to your needs) the other authentication methods.
"success=2" means that the next two lines should be skipped in case of success (edit as needed)
"pam_python.so" is the name of the shared object that will be called by pam
"pam_custom.py" is the script in python that we provide
This config file will gather the username and password and attempt a normal login. If that fails, PAM will try to process the login via this module.
auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_python.so pam_custom.py auth requisite pam_deny.so auth required pam_permit.so