# PAM for Business Apps
This is a simple project with the goal of allowing Linux PAM authentication using the AccountHub API. Use at your own risk.
## Installation
Since working with PAM can lead to problems in authentication, keep a
shell with root access open while experimenting.

Install the package `libpam-python`:

    sudo apt install libpam-python

Edit `pam_netsyms.py` and supply the Portal API URL and a valid API key.

Copy the provided `pam_netsyms.py` to `/lib/security`:

    sudo cp pam_netsyms.py /lib/security

### Packages
You can install this project on Ubuntu/Debian-based systems. Simply add [this repository](https://repo.netsyms.com/) and install `netsyms-pam-auth`. You will be asked for a Business Apps server URL and API key during the install process.
### Install
Make a file `/usr/share/pam-configs/netsyms` with the following content:

    Name: Netsyms Business Apps authentication
    Default: no
    Priority: 256
    Auth-Type: Primary
    Auth:
        [success=end default=ignore] pam_python.so pam_netsyms.py

Run `sudo pam-auth-update` and enable it.

### Manual Install
Make a backup of the file `/etc/pam.d/common-auth`:

    sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth.original

Edit `/etc/pam.d/common-auth` and add a line that declares the custom
authentication method. It should look something like this:

    auth [success=2 default=ignore] pam_python.so pam_netsyms.py

Put it just before (or after, according to your needs) the other
authentication methods.

Some explanations:

1. `success=2` means that the next two lines are skipped on success (edit as needed).
2. `pam_python.so` is the name of the shared object that PAM will call.
3. `pam_netsyms.py` is the Python script that this project provides.

#### Sample /etc/pam.d/common-auth
This config file will gather the username and password and attempt a normal login. If that fails, PAM will try to process the login via this module.

    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_python.so pam_netsyms.py
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
    auth requisite pam_deny.so
    auth required pam_permit.so
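
The `success=N` skip counts are easy to get wrong when lines are added or reordered. The following Python checker is an added example, not part of this project: it reports any `success=N` jump in the `auth` stack that lands on `pam_deny.so` or runs past the end of the stack. It assumes that a jump counts only entries of the same type (so the `session` line in the sample is not counted); the function names are hypothetical.

```python
import re

# Constructed input: the stack from the "Sample /etc/pam.d/common-auth" section.
SAMPLE = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_python.so pam_netsyms.py
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
auth requisite pam_deny.so
auth required pam_permit.so
"""

# type, control (simple keyword or [value=action ...]), module path
LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_stack(text, mtype="auth"):
    """Return [(control, module), ...] for one management group, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = LINE.match(line)
        # Assumption: a jump counts only entries of its own type, so others are dropped.
        if m and m.group(1).lstrip("-") == mtype:
            stack.append((m.group(2), m.group(3)))
    return stack

def jump_targets(stack):
    """For each entry with success=N, return (module, module reached on success or None)."""
    targets = []
    for i, (control, module) in enumerate(stack):
        m = re.search(r"\bsuccess=(\d+)", control)
        if m:
            j = i + 1 + int(m.group(1))  # skip N entries after this one
            targets.append((module, stack[j][1] if j < len(stack) else None))
    return targets

def check(text):
    """Return human-readable problems found in the auth stack."""
    problems = []
    for module, target in jump_targets(parse_stack(text)):
        if target is None:
            problems.append(f"{module}: success jump runs past the end of the stack")
        elif target == "pam_deny.so":
            problems.append(f"{module}: success jump lands on pam_deny.so")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE) or "no success jump hits pam_deny.so or the end of the stack")
```

Run it against a copy of `/etc/pam.d/common-auth` after editing, while the root shell mentioned under Installation is still open.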