[ale] Implementing PAM

matty91 at bellsouth.net matty91 at bellsouth.net
Sat Sep 27 09:23:47 EDT 2003


On Thu, 18 Sep 2003, Christopher Fowler wrote:

>
>
> I'm looking at implementing PAM to do some custom
> authentication stuff.  I know you can tell PAM to authenticate
> certain applications with certain methods, but is there
> a way to tell PAM to try many?
>
>
> 1) User connects to ssh server.
> 2) Is user in /etc/passwd
>    Yes:  Goto end
>    No: 3) Is user in RADIUS Server
>         Yes: Goto End
>         No: 4) Is user in TACACS+ Server
>             Yes: Goto End
>             No: 5) Last try for LDAP
>                 Yes: Goto End
>                 No: "Unknown User"
>
> END:
>   User Authenticated.
>

Have you looked for RADIUS/TACACS PAM modules? You should be able to
use various modules with the "Control Flags" option to get the
functionality you want:

if (auth_user(/etc/passwd) == true)
   exit
else if (auth_user(RADIUS) == true)
   exit
...

The Solaris PAM implementation allows for this. I have not
tested or validated my claims on Linux ;)

>
>
> In order to support our ACLs I'm going to
> have to modify each of the above PAM modules to
> support ACLs.
>
> Chris
>
>

Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
Public Key: http://www.daemons.net/~matty/public_key.txt
Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
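
The fallback chain discussed in this thread, written as a Linux-PAM auth stack. This is an added example, not part of the original post; it assumes the file is /etc/pam.d/sshd and that pam_radius_auth, pam_tacplus and pam_ldap are installed, and it leaves out each module's server settings.

```conf
# /etc/pam.d/sshd, auth stack only (assumed Linux-PAM layout).
#
# Control flag "sufficient": if the module succeeds and no earlier
# "required" module has failed, PAM stops and reports success.
# If it fails, the failure is ignored and the next line is tried.
#
# try_first_pass: reuse the password collected by the first module
# instead of prompting the user again for every backend.

# 2) local accounts (/etc/passwd and shadow)
auth  sufficient  pam_unix.so

# 3) RADIUS
auth  sufficient  pam_radius_auth.so  try_first_pass

# 4) TACACS+
auth  sufficient  pam_tacplus.so      try_first_pass

# 5) LDAP
auth  sufficient  pam_ldap.so         try_first_pass

# No backend accepted the user: fail closed ("Unknown User").
auth  required    pam_deny.so
```

The closing pam_deny.so line matters: without it, a stack made only of "sufficient" modules has no explicit failure when all of them decline. sshd must also be able to resolve the account name through NSS, or the login is rejected regardless of what the auth stack returns.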


