sw:pam_require
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
sw:pam_require [2006/11/08 11:55] – old revision restored andi | sw:pam_require [2009/07/24 20:27] (current) – 87.234.80.129 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== pam_require ====== | ||
+ | This is a simple PAM account module. It is meant to be used together | ||
+ | with other modules! It allows you to require a special user or group | ||
+ | to access a service. | ||
+ | |||
+ | It's available at http:// | ||
+ | |||
+ | ===== Installation ===== | ||
+ | |||
+ | You need the pam-devel files to compile it. In Debian do: | ||
+ | | ||
+ | # apt-get install libpam0g-dev | ||
+ | |||
+ | Compiling and installing __should__ be straight forward: | ||
+ | |||
+ | $> ./configure | ||
+ | $> make | ||
+ | $> su | ||
+ | #> make install | ||
+ | |||
+ | Note: on Fedora you must install the pam-devel package prior to installing modules. This can be accomplished by executing 'yum install pam-devel' | ||
+ | |||
+ | ===== Usage ===== | ||
+ | |||
+ | The module is an account module only! It has no usage as auth, | ||
+ | password or session module! | ||
+ | |||
+ | **Please Note:** The Syntax has changed from Version 0.1 | ||
+ | |||
+ | It accepts usernames or groupnames as parameter. Groupnames have to | ||
+ | be given with a leading @. Just have a look at the examples below: | ||
+ | |||
+ | This requires the user to be in a group called " | ||
+ | |||
+ | account | ||
+ | account | ||
+ | |||
+ | This only allows user " | ||
+ | | ||
+ | account | ||
+ | account | ||
+ | |||
+ | Here either " | ||
+ | |||
+ | account | ||
+ | account | ||
+ | |||
+ | Since version 0.3 you may let in everybody __except__ the named group | ||
+ | or user. This example keeps out members of the lusers group: | ||
+ | |||
+ | account | ||
+ | account | ||
+ | |||
+ | Since version 0.4 you can define users and groups with spaces, just use | ||
+ | colons instead of the spaces. You should always avoid using spaces in | ||
+ | usernames and groups but sometimes it is necessary (most times some kind of | ||
+ | interaction with Microsoft products is involved). The example lets in "Joe | ||
+ | Schmoe" | ||
+ | |||
+ | account | ||
+ | account | ||
+ | |||
+ | Version 0.7 adds the possibility to do case insensitive checks using | ||
+ | the no_case option. The following matches " | ||
+ | |||
+ | account | ||
+ | account | ||
+ | |||
+ | |||
+ | ===== Bugs / Known Issues ===== | ||
+ | |||
+ | Be careful with the negation (!). All parameters are logically OR'ed together | ||
+ | so if one statement is true access is granted. A simple example to explain - | ||
+ | Imagine this line: | ||
+ | |||
+ | account | ||
+ | account | ||
+ | |||
+ | This would let in all users in group schmocks that are not in group lusers. | ||
+ | To keep out both groups use two lines like this: | ||
+ | |||
+ | account | ||
+ | account | ||
+ | account | ||
+ | |||
+ | The module discards all standard parameter which are: debug, no_warn, | ||
+ | use_first_pass, | ||
+ | two things: First these parameter doesn' | ||
+ | behavior and second you can't have users with these names. | ||
+ | |||
+ | ===== Thanks ===== | ||
+ | |||
+ | To Jennifer Vesperman for her very helpful article " | ||
+ | at http:// | ||
+ | |||
+ | To Jens Chr. Bachem < | ||
+ | |||
+ | To Svein Olav Bjerkeset < | ||
+ | change for compiling on Solaris. | ||
+ | |||
+ | To Scipio < | ||
+ | |||
+ | To Jon Severinsson < | ||
+ | primary group membership test | ||
+ | |||
+ | To Alexander E. Patrakov < | ||
+ | to build Debian package | ||
+ | |||
+ | To Xim Tur i Massanet < | ||
+ | a fix to make deny only work | ||
+ | |||
+ | ===== Feedback ===== | ||
+ | |||
+ | I'm always open to suggestions or hints that help me make my C better. | ||
+ | I'm completely new to the whole autoconf/ | ||
+ | this are greatly appreciated. | ||
+ | |||
+ | Just contact me at < | ||
+ | http:// | ||
+ | |||
+ | ===== License ===== | ||
+ | |||
+ | pam_require - A simple PAM account module | ||
+ | Copyright (C) 2003-2009 Andreas Gohr < | ||
+ | | ||
+ | This program is free software; you can redistribute it and/or | ||
+ | modify it under the terms of the GNU General Public License | ||
+ | as published by the Free Software Foundation; either version 2 | ||
+ | of the License, or (at your option) any later version. | ||
+ | | ||
+ | This program is distributed in the hope that it will be useful, | ||
+ | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
+ | GNU General Public License for more details. | ||
+ | | ||
+ | You should have received a copy of the GNU General Public License | ||
+ | along with this program; if not, write to the Free Software | ||
+ | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |