|
projects:pam_eaccess 2005/11/07 08:47 |
projects:pam_eaccess 2008/10/03 08:25 current |
| | * file backend | | * file backend |
| | * per service definition | | * per service definition |
| | + | * LDAP backend |
| | + | |
| | + | =====Roadmap===== |
| | + | |
| | + | * SQL backend |
| | + | * Per user IP filter |
| | | | |
| | ======Installation==== | | ======Installation==== |
| | + | |
| | + | =====From SVN repository===== |
| | | | |
| | <code> | | <code> |
| - | # svn co http://svn.asyd.net/svn/pam_eaccess/tags/20051107 pam_eaccess | + | # svn co http://svn.asyd.net/svn/pam_eaccess/releases/0.1 pam_eaccess |
| | + | # cd pam_eaccess |
| | # autoconf | | # autoconf |
| | # ./configure | | # ./configure |
| | # make | | # make |
| - | # make install | + | # sudo make install |
| | </code> | | </code> |
| | | | |
| - | Check if you have ///lib/security/pam_eaccess.o// | + | Then, check if you have ///lib/security/pam_eaccess.so// |
| | + | |
| | + | =====From tarball===== |
| | + | |
| | + | <code> |
| | + | # wget http://asyd.net/upstream/pam_eaccess-0.1.tar.gz |
| | + | # tar xvfz pam_eaccess-0.1.tar.gz |
| | + | # cd pam_eaccess |
| | + | # ./configure |
| | + | # make |
| | + | # sudo make install |
| | + | </code> |
| | + | |
| | + | Then, check if you have ///lib/security/pam_eaccess.so// |
| | | | |
| | ======Usage====== | | ======Usage====== |
| | | | |
| | The keyword [ALL] which can be used for service and/or users act as a wildcard. | | The keyword [ALL] which can be used for service and/or users act as a wildcard. |
| | + | |
| | + | ======Testing====== |
| | + | |
| | + | =====Requirements===== |
| | + | |
| | + | There is a very simple way to test the pam_eaccess module, you need : |
| | + | |
| | + | * pam_pwdfile |
| | + | * Perl module Authen::PAM |
| | + | * pam_eaccess |
| | + | |
| | + | =====pam.d/<service> file===== |
| | + | |
| | + | Create a pam.d resource file for a test service, like pameaccesstest, which contains : |
| | + | |
| | + | ///etc/pam.d/pameaccess// |
| | + | <code> |
| | + | auth required pam_eaccess.so debug |
| | + | auth required pam_pwdfile.so pwdfile /etc/others.passwd |
| | + | </code> |
| | + | |
| | + | =====passwd file===== |
| | + | |
| | + | Create the file /etc/others.passwd which contains something like : |
| | + | |
| | + | ///etc/others.passwd// |
| | + | <code> |
| | + | asyd:password |
| | + | bruno:password |
| | + | </code> |
| | + | |
| | + | Checking doc which come with your pwdfile upstream to know the format of password you must use (probably crypt/MD5) |
| | + | |
| | + | =====Testing===== |
| | + | |
| | + | Play with /etc/pam-access.conf, and use the pam-test.pl which comes with pam_eaccess |
| | + | |
| | + | <code> |
| | + | # echo "pamaccess: asyd" > /etc/pam.access |
| | + | # ./pam-test.pl pamaccess asyd mysecret |
| | + | [pam_myaccess.c:pam_sm_authenticate(52)] module called for service: pamaccess, user: asyd |
| | + | [pam_myaccess.c:pam_sm_authenticate(59)] no backend defined, use file |
| | + | [backends/file.c:check_access_file(70)] service pamaccess match pamaccess |
| | + | [backends/file.c:check_access_file(90)] user asyd match asyd |
| | + | Authentication succeeded |
| | + | </code> |
| | + | |
| | + | ~~DISCUSSION~~ |
