asyd.net

Welcome to the homepage of Bruno Bonfils (aka asyd).

Differences

This shows you the differences between the selected revision and the current version of the page.

projects:pam_eaccess 2005/11/07 08:34 projects:pam_eaccess 2008/10/03 08:25 current
Line 4: Line 4:
(for which you want add authorization) you can define the list of users (or all) who are allowed (for which you want add authorization) you can define the list of users (or all) who are allowed
to connect to this service. to connect to this service.
 +
 +=====Features=====
 +
 +  * file backend
 +  * per service definition
 +  * LDAP backend
 +
 +=====Roadmap=====
 +
 +  * SQL backend
 +  * Per user IP filter
======Installation==== ======Installation====
 +
 +=====From SVN repository=====
<code> <code>
-# svn co http://svn.asyd.net/svn/pam_eaccess/tags/20051106 pam_eaccess+# svn co http://svn.asyd.net/svn/pam_eaccess/releases/0.1 pam_eaccess 
 +# cd pam_eaccess
# autoconf # autoconf
# ./configure # ./configure
# make # make
-# make install+# sudo make install
</code> </code>
-Check if you have the ///lib/security/pam_eaccess.o/+Then, check if you have ///lib/security/pam_eaccess.so// 
 + 
 +=====From tarball===== 
 + 
 +<code> 
 +# wget http://asyd.net/upstream/pam_eaccess-0.1.tar.gz 
 +# tar xvfz pam_eaccess-0.1.tar.gz 
 +# cd pam_eaccess 
 +# ./configure 
 +# make 
 +# sudo make install 
 +</code> 
 + 
 +Then, check if you have ///lib/security/pam_eaccess.so// 
 + 
 +======Usage====== 
 + 
 +=====pam.d/<service>===== 
 + 
 +Well, it's actually very simple, you just need to add the following line to pam config : 
 + 
 +<code> 
 +auth      required    pam_eaccess.so  
 +</code> 
 + 
 +Note: the keyword debug is supported. 
 + 
 +=====/etc/pam-access.conf===== 
 + 
 +Note: this filename is actually hardcoded, you can't use another destination 
 + 
 +<code> 
 +pamtest: asyd, bruno 
 +login: [ALL] 
 +</code> 
 + 
 +This file has the following form : 
 + 
 +  * one service per line, the service name MUST be followed by : 
 +  * users lists coma separated 
 + 
 +The keyword [ALL] which can be used for service and/or users act as a wildcard. 
 + 
 +======Testing====== 
 + 
 +=====Requirements===== 
 + 
 +There is a very simple way to test the pam_eaccess module, you need : 
 + 
 +  * pam_pwdfile 
 +  * Perl module Authen::PAM  
 +  * pam_eaccess 
 + 
 +=====pam.d/<service> file===== 
 + 
 +Create a pam.d resource file for a test service, like pameaccesstest, which contains : 
 + 
 +///etc/pam.d/pameaccess// 
 +<code> 
 +auth      required    pam_eaccess.so debug 
 +auth      required    pam_pwdfile.so pwdfile /etc/others.passwd 
 +</code> 
 + 
 +=====passwd file===== 
 + 
 +Create the file /etc/others.passwd which contains something like : 
 + 
 +///etc/others.passwd// 
 +<code> 
 +asyd:password 
 +bruno:password 
 +</code> 
 + 
 +Checking doc which come with your pwdfile upstream to know the format of password you must use (probably crypt/MD5) 
 + 
 +=====Testing===== 
 + 
 +Play with /etc/pam-access.conf, and use the pam-test.pl which comes with pam_eaccess 
 + 
 +<code> 
 +# echo "pamaccess: asyd" > /etc/pam.access 
 +# ./pam-test.pl pamaccess asyd mysecret  
 +[pam_myaccess.c:pam_sm_authenticate(52)] module called for service: pamaccess, user: asyd 
 +[pam_myaccess.c:pam_sm_authenticate(59)] no backend defined, use file 
 +[backends/file.c:check_access_file(70)] service pamaccess match pamaccess 
 +[backends/file.c:check_access_file(90)] user asyd match asyd 
 +Authentication succeeded 
 +</code>
-======+~~DISCUSSION~~
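Review bot: The last Testing example writes the rule to a different file than the one the page documents: `# echo "pamaccess: asyd" > /etc/pam.access`, while the /etc/pam-access.conf section says that filename is hardcoded. A reader following these steps edits a file the module is not documented to read and can misjudge which users are actually allowed. The service name drifts in the same way: the text proposes pameaccesstest, the file is labelled /etc/pam.d/pameaccess, and the test run uses pamaccess. The sample output also names pam_myaccess.c rather than pam_eaccess, and the test passes mysecret while /etc/others.passwd lists password. I suggest using one service name and /etc/pam-access.conf throughout, and regenerating the sample output from the 0.1 release. Separately, both install paths fetch over plain http (`svn co http://svn.asyd.net/...`, `wget http://asyd.net/upstream/pam_eaccess-0.1.tar.gz`) with no checksum or signature step before `sudo make install` places a module in /lib/security; publishing a checksum or signature for the tarball and adding a verification step would close that gap. The /etc/others.passwd sample would also read better with the password field marked as a placeholder for the hashed value, since the following sentence says the format is probably crypt/MD5.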