[ale] Implementing PAM

Christopher Fowler cfowler at outpostsentinel.com
Thu Sep 18 14:31:47 EDT 2003


On Thu, Sep 18, 2003 at 02:05:21PM -0400, Geoffrey wrote:
> Christopher Fowler wrote:
> >
> >I'm looking at implementing PAM to do some custom 
> >authentication stuff.  I know you can tell PAM to authenticate
> >certain applications with certain methods, but is there
> >a way to tell PAM to try many?
> >
> >
> >1) User connects to ssh server.
> >2) Is user in /etc/passwd
> >   Yes:  Goto end
> >   No: 3) Is user in RADIUS Server
> >        Yes: Goto End
> >        No: 4) Is user in TACACS+ Server
> >            Yes: Goto End
> >            No: 5) Last try for LDAP
> >                Yes: Goto End
> 
> You forgot:
> 			6) does user have a note from their mother?
> 				Yes: Goto End
> >                No: "Unknown User"
> >
> >END:
> >  User Authenticated.
> 
> By the time they're authenticated, their password will have expired...

The idea is that one call to, say, getuser(char *name) will try to search all
supported auth methods until a match can be found.  If the user is not in /etc/passwd
and radius is supported, then radius is checked. ....  I do this now because I've
replaced glibc's getpwnam() with my own version.  An application like sshd does not
even know that it got the data in the passwd struct from a RADIUS server.


> 
> -- 
> Until later: Geoffrey		esoteric at 3times25.net
> 
> The latest, most widespread virus?  Microsoft end user agreement.
> Think about it...
> 
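The lookup chain described in this message, written out as an added example (not part of the original post and not the poster's getpwnam() replacement). The backend functions and sample names are constructed stand-ins, the extra `unavail` parameter is an assumption, and the code only resolves which source knows a name; it does not verify a password.

```c
#include <stdio.h>
#include <string.h>

/* One backend's answer: knows the user, does not, or could not be asked. */
enum lookup { LOOKUP_FOUND, LOOKUP_NOTFOUND, LOOKUP_UNAVAIL };

struct backend { const char *name; enum lookup (*find)(const char *user); };

/* Constructed stand-ins for real passwd/RADIUS/TACACS+/LDAP client code. */
static enum lookup in_set(const char *u, const char *k) { return strcmp(u, k) == 0 ? LOOKUP_FOUND : LOOKUP_NOTFOUND; }
static enum lookup find_passwd(const char *u) { return in_set(u, "root"); }
static enum lookup find_radius(const char *u) { (void)u; return LOOKUP_UNAVAIL; } /* server down */
static enum lookup find_tacacs(const char *u) { return in_set(u, "netops"); }
static enum lookup find_ldap(const char *u)   { return in_set(u, "alice"); }

/* Order is policy: the first backend that knows the name wins. */
static const struct backend chain[] = {
    { "passwd", find_passwd }, { "radius", find_radius },
    { "tacacs+", find_tacacs }, { "ldap", find_ldap },
};

/* Returns the name of the backend that knows `user`, or NULL.
 * *unavail counts backends that could not answer, so the caller can log
 * "unknown user" separately from "could not check every source". */
const char *getuser(const char *user, int *unavail)
{
    *unavail = 0;
    if (user == NULL || *user == '\0')
        return NULL;
    for (size_t i = 0; i < sizeof chain / sizeof chain[0]; i++) {
        enum lookup r = chain[i].find(user);
        if (r == LOOKUP_FOUND)
            return chain[i].name;
        if (r == LOOKUP_UNAVAIL)
            (*unavail)++;
    }
    return NULL;
}

int main(void)
{
    const char *names[] = { "root", "netops", "alice", "mallory" }; /* constructed */
    for (size_t i = 0; i < 4; i++) {
        int down;
        const char *src = getuser(names[i], &down);
        printf("%s -> %s (unavailable: %d)\n", names[i], src ? src : "Unknown User", down);
    }
    return 0;
}
```

A local name shadows the same name in any later source, and a NULL result with a non-zero `unavail` count means some source was never consulted, which is worth logging differently from a plain unknown user.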