A simple PAM authentication module for authenticating Linux users against the AccountHub API.
# PAM for Business Apps

This is a simple project with the goal of allowing Linux PAM authentication using the AccountHub API. Use at your own risk.

## Installation

Since working with PAM can lead to problems in authentication, keep a
shell with root access open while experimenting.

Install the package libpam-python:

    sudo apt install libpam-python

Edit `pam_netsyms.py` and supply the Portal API URL and a valid API key.

Copy the provided `pam_netsyms.py` to `/lib/security`:

    sudo cp pam_netsyms.py /lib/security

### Packages

You can install this project on Ubuntu/Debian-based systems. Simply add [this repository](https://repo.netsyms.com/) and install `netsyms-pam-auth`. You will be asked for a Business Apps server URL and API key during the install process.

### Install

Make a file `/usr/share/pam-configs/netsyms` with the following content:

    Name: Netsyms Business Apps authentication
    Default: no
    Priority: 256
    Auth-Type: Primary
    Auth:
        [success=end default=ignore] pam_python.so pam_netsyms.py

Run `sudo pam-auth-update` and enable it.

### Manual Install

Make a backup of the file `/etc/pam.d/common-auth`:

    sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original

Edit the file `/etc/pam.d/common-auth`, introducing a line in which you
declare your custom authentication method. It should be something like
this:

    auth [success=2 default=ignore] pam_python.so pam_netsyms.py

and should be put just before (or after, according to your needs) the
other authentication methods.

Some explanations:

1. "success=2" means that the next two lines should be skipped in case of success (edit as needed)
2. "pam_python.so" is the name of the shared object that will be called by PAM
3. "pam_netsyms.py" is the Python script that we provide

#### Sample /etc/pam.d/common-auth

This config file will gather the username and password and attempt a normal login. If that fails, PAM will try to process the login via this module.

    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_python.so pam_netsyms.py
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
    auth requisite pam_deny.so
    auth required pam_permit.so
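
The following is an added example, not part of this project's code: a simplified model of how Linux-PAM walks the `auth` stack of the sample file above, useful for checking where each `success=N` jump lands before editing the live file. Jumps count only modules of the same type, so the `session` line is not counted; `parse_stack` and `walk` are names made up for this sketch, and only the `success` and `default` keys are modelled.

```python
import re

# Sample /etc/pam.d/common-auth from this README, embedded for offline use.
SAMPLE = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_python.so pam_netsyms.py
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
auth requisite pam_deny.so
auth required pam_permit.so
"""

# Keyword controls written as bracket actions (reduced to success/default).
KEYWORDS = {
    "required": {"success": "ok", "default": "bad"},
    "requisite": {"success": "ok", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional": {"success": "ok", "default": "ignore"},
}
LINE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)")

def parse_stack(text, mtype="auth"):
    """Return [(module, control)] for one type; jumps count only these entries."""
    stack = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(1) != mtype:
            continue  # other types, comments and @include lines are skipped
        ctl = m.group(2)
        pairs = dict(kv.split("=") for kv in ctl[1:-1].split()) if ctl.startswith("[") else KEYWORDS[ctl]
        stack.append((m.group(3), pairs))
    return stack

def walk(stack, results):
    """results maps module name -> True/False. Returns (granted, trace)."""
    results = {"pam_deny.so": False, "pam_permit.so": True, **results}
    ok, failed, trace, i = False, False, [], 0
    while i < len(stack):
        module, control = stack[i]
        trace.append(module)
        # Assumption of this sketch: every bracket control sets default=.
        action = control.get("success", control["default"]) if results[module] else control["default"]
        i += 1
        if action.isdigit():  # jump N: counts as ok, then skips N modules
            i, action = i + int(action), "ok"
        if action in ("die", "done"):  # both end the stack immediately
            return action == "done" and not failed, trace
        ok, failed = ok or action == "ok", failed or action == "bad"
    return ok and not failed, trace
```

Changing `success=2` to `success=1` on the `pam_unix.so` line makes a valid local login land on `pam_deny.so`, which is the kind of lockout the open root shell guards against.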