BizApps-PAM-Module/README.md

# PAM for Business Apps
This is a simple project with the goal of allowing Linux PAM authentication using the AccountHub API.  Use at your own risk.


## Installation

Since working with PAM can lead to problems in authentication, keep a
shell with root access open while experimenting.

Install the package libpam-python:

    sudo apt install libpam-python
    
Edit `pam_netsyms.py` and supply the Portal API URL and a valid API key.
    
Copy the provided `pam_netsyms.py` to `/lib/security`:

    sudo cp pam_netsyms.py /lib/security 

### Recommended Install

Make a file `/usr/share/pam-configs/netsyms` with the following content:

	Name: Netsyms Business Apps authentication
	Default: no
	Priority: 256
	Auth-Type: Primary
	Auth:
		[success=end default=ignore]    pam_python.so pam_netsyms.py
		
Run `sudo pam-auth-update` and enable it

### Manual Install

Make a backup of the file `/etc/pam.d/common-auth`:

    sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original
    
Edit the file `/etc/pam.d/common-auth` introducing a line in which you
declare your custom authentication method. It should be something like
this:

    auth  [success=2 default=ignore] pam_python.so pam_netsyms.py

and should be put just before (or after, according to your needs) the
other authentication methods.

Some explanations:

1. "success=2" means that the next two lines should be skipped in case of success (edit as needed)

2. "pam_python.so" is the name of the shared object that will be called by pam

3. "pam_netsyms.py" is the script in python that we provide

#### Sample /etc/pam.d/common-auth

This config file will gather the username and password and attempt a normal login.  If that fails, PAM will try to process the login via this module.

    auth    [success=2 default=ignore]      pam_unix.so nullok_secure
    auth    [success=1 default=ignore]      pam_python.so pam_netsyms.py
    session required                        pam_mkhomedir.so skel=/etc/skel/ umask=0022
    auth    requisite                       pam_deny.so
    auth    required                        pam_permit.so
Update readme 6 years ago			`# PAM for Business Apps`
			`This is a simple project with the goal of allowing Linux PAM authentication using the AccountHub API. Use at your own risk.`
Initial commit 11 years ago
added reference to libpam-script 11 years ago
Update 'README.md' 7 years ago			`## Installation`
added first version files 11 years ago
			`Since working with PAM can lead to problems in authentication, keep a`
			`shell with root access open while experimenting.`

			`Install the package libpam-python:`

Add config file support, create users on the fly, update README 6 years ago			`sudo apt install libpam-python`
added first version files 11 years ago
Add config file support, create users on the fly, update README 6 years ago			Edit `pam_netsyms.py` and supply the Portal API URL and a valid API key.
Update 'README.md' 7 years ago
Add config file support, create users on the fly, update README 6 years ago			Copy the provided `pam_netsyms.py` to `/lib/security`:
added first version files 11 years ago
Add config file support, create users on the fly, update README 6 years ago			`sudo cp pam_netsyms.py /lib/security`

			`### Recommended Install`

			Make a file `/usr/share/pam-configs/netsyms` with the following content:

			`Name: Netsyms Business Apps authentication`
			`Default: no`
			`Priority: 256`
			`Auth-Type: Primary`
			`Auth:`
			`[success=end default=ignore] pam_python.so pam_netsyms.py`

			Run `sudo pam-auth-update` and enable it

			`### Manual Install`
added first version files 11 years ago
			Make a backup of the file `/etc/pam.d/common-auth`:

			`sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original`

			Edit the file `/etc/pam.d/common-auth` introducing a line in which you
			`declare your custom authentication method. It should be something like`
			`this:`

Add config file support, create users on the fly, update README 6 years ago			`auth [success=2 default=ignore] pam_python.so pam_netsyms.py`
added first version files 11 years ago
			`and should be put just before (or after, according to your needs) the`
			`other authentication methods.`

			`Some explanations:`

Update 'README.md' 7 years ago			`1. "success=2" means that the next two lines should be skipped in case of success (edit as needed)`
added first version files 11 years ago
Update 'README.md' 7 years ago			`2. "pam_python.so" is the name of the shared object that will be called by pam`
added first version files 11 years ago
Add config file support, create users on the fly, update README 6 years ago			`3. "pam_netsyms.py" is the script in python that we provide`
added first version files 11 years ago
Add config file support, create users on the fly, update README 6 years ago			`#### Sample /etc/pam.d/common-auth`
added first version files 11 years ago
Update 'README.md' 7 years ago			`This config file will gather the username and password and attempt a normal login. If that fails, PAM will try to process the login via this module.`
added first version files 11 years ago
Update 'README.md' 7 years ago			`auth [success=2 default=ignore] pam_unix.so nullok_secure`
Add config file support, create users on the fly, update README 6 years ago			`auth [success=1 default=ignore] pam_python.so pam_netsyms.py`
			`session required pam_mkhomedir.so skel=/etc/skel/ umask=0022`
Update 'README.md' 7 years ago			`auth requisite pam_deny.so`
			`auth required pam_permit.so`