Authentication Module, PAMAuth

PAMAuth enables you to authenticate against an PAM server. You must already have an PAM server setup and working before this module can be tested.


Installing and Setup

Some applications come with PAMAuth already built. If you have not got a build and/or require the lastest code it can be downloaded from the one of the links below:

FreeBSD 4 pamauth10g_freebsd4.tar.Z 22k
Linux (Libc6) pamauth10g_linuxlibc6.tar.Z 56k
Solaris pamauth10g_solaris.tar.Z 56k
 

Configuration Options:

The configuration options below go in an pamauth.ini file which is located in the same directory as the PAMAuth binary OR in a directory specified by the -path command line option.

Setting Default  
pam_service nis+  This is the name of the PAM module you want PAMAuth to use.
cache_mins 1 This is how long it takes a users password in the pamauth_cache to go stale. Once stale a password is removed from the pamauth_cache.
cache_size 2 This is how big the pamauth_cache is allowed to get before stale passwords are removed.
check_prompt Password: This is the prompt given to PAMAuth by the PAM module when a user is verified.
set_prompt_old Enter login(NIS+) password: This is the prompt given to PAMAuth by the PAM module when a user wants to change thier password, some modules do not ask for this, especially if PAMAuth is run as root. The reply is the old password (which PAMAuth gets from pamauth_cache)
set_prompt_new New password: This it the prompt given to PAMAuth by the PAM module when a user wants to change thier password, the reply is the new password.
set_prompt_new_again Re-enter new password: This is the prompt given to PAMAuth by the PAM module when a user wants to change thier password, the reply is the new password again.
forward_umask 022 This is the umask applied to the .forward file when PAMAuth creates it for a user.
forward_owner $user This is the owner applied to the .forward file when PAMAuth creates it.
forward_group $user This is the group applied to the .foraward file when PAMAuth creates it.
password_history_path This is the path where PAMAuth should create password history files, entering no value disables the feature. This feature enables you to force users to set thier password to something new at least password_history_count times.
password_history_count 5 This is the number of old passwords PAMAuth remembers for each user in a hashed directory tree in password_history_path.
loglevel info This is the amount of information to log about the daily runnings of PAMAuth, valid options are error, info and debug.
debug false If set to 'true' this is the same as 'loglevel debug'
domain The domain name, if set this domain name is appended to all usernames returned by all the commands. It is NOT appended to usernames added to the system.

 

Command Line Options:

-path Tells PAMAuth where to create it's logfile and where to find it's config file.
-debug Sets the logging level to debug.


Supported Commands

The commands below are the list of commands that this module supports. For a full description about the command see Authentication Protocol

Command Parameters
check <user> <pass>
lookup <user>
set <user> <pass>|(NULL) [label="value"]
version
help
quit
exit