A simple PAM authentication module for authenticating Linux users against the AccountHub API.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Skylar Ittner d8f0ba314b Change #! to python3, show 2fa numbers when typed 4 years ago
LICENSE.txt added first version files 9 years ago
README.md Update 'README.md' 4 years ago
pam_custom.py Change #! to python3, show 2fa numbers when typed 4 years ago


PAM for Portal

This is a simple project with the goal of allowing Linux PAM authentication using the Portal API.


Since working with PAM can lead to problems in authentication, keep a shell with root access open while experimenting.

Install the package libpam-python:

sudo apt-get install libpam-python

Copy the provided pam_custom.py and pam_custom.sh in /lib/security:

sudo cp pam_custom.py pam_custom.sh /lib/security 

Make a backup of the file /etc/pam.d/common-auth:

sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original

Edit the file /etc/pam.d/common-auth introducing a line in which you declare your custom authentication method. It should be something like this:

auth  [success=2 default=ignore] pam_python.so pam_custom.py /lib/security/pam_custom.sh

and should be put just before (or after, according to your needs) the other authentication methods.

Some explanations:

  1. "success=2" means that the 2 following lines should be skipped in case of success (edit as needed)

  2. "pam_python.so" is the name of the shared object that will be called by pam

  3. "pam_custom.py" is the script in python that we provide

  4. "/lib/security/pam_custom.sh" is the bash script that is called by the python script (if needed)

Edit the file /lib/security/pam_custom.sh according to your needs. It is a bash script that receives username and password as command line arguments, and must exit with 0 if the authentication is to be granted, or a non-zero value otherwise.