Is it possible to use a custom script for authentication with PAM?

Solution 1

pam_exec can validate passwords using an external program.

Solution 2

You could write your own PAM module if you want. But the other solution is probably better. Check out a sample PAM module here: http://www.freebsd.org/doc/en/articles/pam/pam-sample-module.html

Solution 3

If this Rails info is in a MySQL database you can configure pam_mysql. There are PAM modules for just about everything.

Here's one for ftp that I have with mysql:

session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so   item=user sense=allow file=/etc/vsftpd/ftpusers onerr=fail
auth       sufficient   pam_mysql.so      user=virt_admin passwd=PASS host=localhost db=DBNAME table=TABLENAME usercolumn=USERNAMECOL passwdcolumn=PASSCOL crypt=3
auth       required     pam_shells.so
auth       include      system-auth
account    sufficient   pam_mysql.so      user=virt_admin passwd=PASS host=localhost db=DBNAME table=TABLENAME usercolumn=USERNAMECOL passwdcolumn=PASSCOL crypt=3
account    include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

You could also run a script that periodically dumps the username:passwords into a file and use the pam_pwdfile. There are a slew of choices.

http://www.kernel.org/pub/linux/libs/pam/modules.html

Author by

retro

CTO at 212software based in Zagreb, Croatia.

Updated on September 17, 2022

Comments

  • retro over 1 year

    I want to enable users to use my rails application's credentials for login to sftp account. If I understand correctly I should somehow use PAM for this. But I didn't find any info on how to do this?

  • Michael Mior over 14 years
    Just a note that documentation is here: pam-mysql.sourceforge.net
  • retro over 14 years
    This seems like the solution I need, although I couldn't find any info on how the script should look and what I should return. I'm pretty new to PAM and it seems that pam_exec is not a much-used solution. I know I'm asking for a lot, but do you have any other example than the one in the man page for pam_exec?
  • ptman over 14 years
    No, I don't have any examples. And that man-page seems older than the one on my system. Based on my man-page I can guess though, that you want something like: auth requisite pam_exec.so expose_authtok seteuid /usr/sbin/password-checking-program where /usr/sbin/password-checking-program reads the password on stdin and returns 0 (success) if it is valid and anything else if it isn't.
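
An added example, not part of the original thread or of any project mentioned in it: a password-checking program of the kind the pam_exec comment above describes, reading the password from stdin and the user name from the PAM_USER environment variable that pam_exec sets. The in-memory USERS store, the PBKDF2 scheme and the sample account are assumptions made for illustration; a real deployment would look the user up in the application's own table and verify with the application's own hash format.

```python
#!/usr/bin/env python3
"""Password checker for pam_exec with expose_authtok (illustrative example)."""
import hashlib
import hmac
import os
import sys

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


# Constructed sample data: username -> (salt, hash). Stands in for the app's user table.
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (SAMPLE_SALT, hash_password(b"correct horse", SAMPLE_SALT))}
# Hashed for unknown users too, so a missing account does not return noticeably faster.
DUMMY = (SAMPLE_SALT, hash_password(b"dummy", SAMPLE_SALT))


def read_authtok(stream) -> bytes:
    # pam_exec writes the password to stdin; defensively drop a trailing NUL or newline.
    return stream.read(4096).rstrip(b"\x00\r\n")


def check(user: str, password: bytes) -> bool:
    salt, expected = USERS.get(user, DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    # Unknown users and empty passwords are always rejected.
    return matches and user in USERS and len(password) > 0


def main(environ=os.environ, stdin=None) -> int:
    # Exit status is the whole interface: 0 means success, anything else is a failure.
    if environ.get("PAM_TYPE") != "auth":
        return 1  # only answer for the auth stack
    stream = stdin if stdin is not None else sys.stdin.buffer
    user = environ.get("PAM_USER", "")
    # Never print or log the password itself.
    return 0 if check(user, read_authtok(stream)) else 1


if __name__ == "__main__":
    sys.exit(main())
```

Installed at the path used in the comment's PAM line, the program should be owned by root and not writable by anyone else, since PAM runs it with the privileges of the authenticating service.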