|
|
|
@ -25,14 +25,14 @@ Edit the file `/etc/pam.d/common-auth` introducing a line in which you
|
|
|
|
|
declare your custom authentication method. It should be something like
|
|
|
|
|
this:
|
|
|
|
|
|
|
|
|
|
auth [success=1 default=ignore] pam_python.so pam_custom.py
|
|
|
|
|
auth [success=2 default=ignore] pam_python.so pam_custom.py
|
|
|
|
|
|
|
|
|
|
and should be put just before (or after, according to your needs) the
|
|
|
|
|
other authentication methods.
|
|
|
|
|
|
|
|
|
|
Some explanations:
|
|
|
|
|
|
|
|
|
|
1. "success=2" means that the next line should be skipped in case of success (edit as needed)
|
|
|
|
|
1. "success=2" means that the next two lines should be skipped in case of success (edit as needed)
|
|
|
|
|
|
|
|
|
|
2. "pam_python.so" is the name of the shared object that will be called by pam
|
|
|
|
|
|
|
|
|
@ -42,9 +42,7 @@ Some explanations:
|
|
|
|
|
|
|
|
|
|
This config file will gather the username and password and attempt a normal login. If that fails, PAM will try to process the login via this module.
|
|
|
|
|
|
|
|
|
|
<code>
|
|
|
|
|
auth [success=2 default=ignore] pam_unix.so nullok_secure
|
|
|
|
|
auth [success=1 default=ignore] pam_python.so pam_custom.py
|
|
|
|
|
auth requisite pam_deny.so
|
|
|
|
|
auth required pam_permit.so
|
|
|
|
|
</code>
|