A simple PAM authentication module for authenticating Linux users against the AccountHub API.
This is a simple project with the goal of allowing Linux PAM authentication using the AccountHub API. Use at your own risk.
Since working with PAM can lead to problems in authentication, keep a shell with root access open while experimenting.
Install the package libpam-python:
sudo apt install libpam-python
Edit pam_netsyms.py and supply the Portal API URL and a valid API key.
Copy the provided pam_netsyms.py to /lib/security:
sudo cp pam_netsyms.py /lib/security
You can install this project on Ubuntu/Debian-based systems. Simply add this repository and install netsyms-pam-auth. You will be asked for a Business Apps server URL and API key during the install process.
Make a file /usr/share/pam-configs/netsyms with the following content:
Name: Netsyms Business Apps authentication
Default: no
Priority: 256
Auth-Type: Primary
Auth:
	[success=end default=ignore]	pam_python.so pam_netsyms.py
Run sudo pam-auth-update and enable it.
Make a backup of the file /etc/pam.d/common-auth:
sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original
Edit the file /etc/pam.d/common-auth, introducing a line in which you declare your custom authentication method. It should be something like this:
auth [success=2 default=ignore] pam_python.so pam_netsyms.py
and should be put just before (or after, according to your needs) the other authentication methods.
Some explanations:
"success=2" means that the next two lines should be skipped in case of success (edit as needed)
"pam_python.so" is the name of the shared object that will be called by PAM
"pam_netsyms.py" is the Python script that we provide
This config file will gather the username and password and attempt a normal login. If that fails, PAM will try to process the login via this module.
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_python.so pam_netsyms.py
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
auth requisite pam_deny.so
auth required pam_permit.so
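The skip counts are easy to get wrong when lines are added to or removed from the stack. As an added example (not part of this project's code), the following Python script resolves where each success=N jump in the auth stack lands and flags jumps that land on pam_deny.so or run past the end. It counts only lines of the same type, because the session line belongs to a separate stack, and it does not follow @include lines; SAMPLE is the configuration above and the function names are hypothetical.

```python
import re

# Constructed sample: the common-auth stack shown in this README.
SAMPLE = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_python.so pam_netsyms.py
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
auth requisite pam_deny.so
auth required pam_permit.so
"""

# type, control (bracketed or single word), module name
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_stack(text, pam_type="auth"):
    """Return [(control, module)] for one PAM type, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@"):
            continue  # blank line, comment, or @include (not followed here)
        m = LINE.match(line)
        if m and m.group(1).lstrip("-") == pam_type:
            stack.append((m.group(2), m.group(3)))
    return stack

def success_targets(text, pam_type="auth"):
    """Return [(module, landing_module)] for each success=N jump."""
    stack = parse_stack(text, pam_type)
    out = []
    for i, (control, module) in enumerate(stack):
        m = re.search(r"\bsuccess=(\d+)\b", control)
        if not m:
            continue  # success=end, success=ok, or a keyword control
        target = i + 1 + int(m.group(1))
        landed = stack[target][1] if target < len(stack) else None
        out.append((module, landed))
    return out

def problems(text, pam_type="auth"):
    """Flag jumps that leave the stack or land on pam_deny.so."""
    issues = []
    for module, landed in success_targets(text, pam_type):
        if landed is None:
            issues.append(f"{module}: success jump runs past the end of the stack")
        elif landed == "pam_deny.so":
            issues.append(f"{module}: success jump lands on pam_deny.so")
    return issues

if __name__ == "__main__":
    print(success_targets(SAMPLE), problems(SAMPLE))
```

Run it against a copy of /etc/pam.d/common-auth after each edit, while the root shell mentioned earlier is still open.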