[ale] Implementing PAM
matty91 at bellsouth.net
Sat Sep 27 09:23:47 EDT 2003
On Thu, 18 Sep 2003, Christopher Fowler wrote:
>
>
> I'm looking at implementing PAM to do some custom
> authentication stuff. I know you can tell PAM to authenticate
> certain applications with certain methods, but is there
> a way to tell PAM to try many?
>
>
> 1) User connects to ssh server.
> 2) Is user in /etc/passwd
>      Yes: Goto end
>      No: 3) Is user in RADIUS Server
>            Yes: Goto End
>            No: 4) Is user in TACACS+ Server
>                  Yes: Goto End
>                  No: 5) Last try for LDAP
>                        Yes: Goto End
>                        No: "Unknown User"
>
> END:
>    User Authenticated.
>
Have you looked for RADIUS/TACACS PAM modules? You should be able to
use various modules with the "Control Flags" option to get the
functionality you want:

  if (auth_user(/etc/passwd) = true)
      exit
  else if (auth_user(RADIUS) = true)
      exit
  ...

The Solaris PAM implementation allows for this. I have not
tested or validated my claims on Linux ;)
>
>
> In order to support our ACLs I'm going to
> have to modify each of the above PAM modules to
> support ACLs
>
> Chris
Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
Public Key: http://www.daemons.net/~matty/public_key.txt
Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
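
The fall-through order asked about in this thread, written as a Linux-PAM auth stack using the "sufficient" control flag. This is an added illustration, not a configuration posted by either participant; it assumes the pam_radius_auth, pam_tacplus and pam_ldap modules are installed, and the TACACS+ server and secret values are placeholders.

```conf
# /etc/pam.d/sshd (Linux-PAM syntax), auth stack only.
# Added illustration; module arguments are placeholders, not values from the thread.
#
# "sufficient": if the module succeeds (and no earlier "required" module has
# failed), PAM returns success immediately and skips the rest of the stack.
# If it fails, the failure is ignored and the next line is tried.

# 1. Local accounts (/etc/passwd and /etc/shadow)
auth  sufficient  pam_unix.so

# 2. RADIUS. try_first_pass reuses the password already entered and
#    prompts again only if that password is rejected.
auth  sufficient  pam_radius_auth.so  try_first_pass

# 3. TACACS+ (server and secret are placeholders)
auth  sufficient  pam_tacplus.so  try_first_pass server=TACACS_SERVER_PLACEHOLDER secret=SHARED_SECRET_PLACEHOLDER

# 4. LDAP, the last source tried
auth  sufficient  pam_ldap.so  try_first_pass

# 5. No module accepted the credentials: fail closed.
#    Without this line the result of an all-"sufficient" stack that
#    matched nothing depends on the PAM implementation.
auth  required    pam_deny.so
```

Because the file carries a shared secret, it should be readable by root only. sshd also needs every remote user to resolve through NSS (getpwnam), which the auth stack alone does not provide.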