Lee Marzke on 16 Mar 2011 08:21:55 -0700

[PLUG] script to verify users credentials using pam on Ubuntu


I've got a requirement for a web application to verify each user's identity (e.g. pass the username and
password to a script, and have the script return pass/fail).

I've got Likewise Open installed that has pam libraries that authenticate users fine, so authentication is working for login to the Linux box via ssh, etc., but I need the script to just pass the auth parameters
to pam and get pass/fail.

All the pam stuff seems to be installed and working, for example here is the config file.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_lsass.so try_first_pass
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

use case:
I'm just trying to authenticate web users against AD, but the AD server requires a bind before I can verify the user password. So on a Windows box I have a script that works (and the bind isn't enforced).

I thought joining Ubuntu to the domain (with Likewise Open) would fix this, but it hasn't. So I'm now looking
for a way to use the Likewise pam modules to verify the user credentials.


Lee Marzke <lee@marzke.net>
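
The auth stack quoted in the post, traced with a small simulator (an added example, not part of the original post and not Likewise or PAM code). It shows how the `success=N` jumps route a pam_unix or pam_lsass success past pam_deny.so to pam_permit.so. The `parse` and `evaluate` helpers and their pass/fail model are assumptions made here, a simplification covering only the controls this stack uses.

```python
import re

# The "Primary" block from the config quoted in the post.
STACK = """\
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_lsass.so try_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
"""

FIXED = {"pam_deny.so": False, "pam_permit.so": True}  # always fail / always succeed

def parse(text):
    """Return [(control, module)] per auth line; bracketed controls become dicts."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line.split("#", 1)[0].strip())
        if not m:
            continue
        control, module = m.groups()
        if control.startswith("["):
            control = dict(kv.split("=", 1) for kv in control[1:-1].split())
        entries.append((control, module))
    return entries

def evaluate(entries, results):
    """Simplified model: handles [success=N default=ignore], requisite, required.
    results maps module name -> True/False (constructed outcomes, no real auth)."""
    status, i = None, 0
    while i < len(entries):
        control, module = entries[i]
        ok = FIXED.get(module, results.get(module, False))
        i += 1
        if isinstance(control, dict):
            action = control.get("success" if ok else "default", "ignore")
            if action.isdigit():
                i += int(action)      # jump over the next N modules
            continue                  # jumps and "ignore" do not set the stack status
        if ok:
            status = True if status is None else status
        else:
            status = False
            if control == "requisite":
                break                 # requisite failure ends the stack at once
    return status is True

if __name__ == "__main__":
    for case in ({"pam_unix.so": True}, {"pam_lsass.so": True}, {}):
        print(case, "->", "pass" if evaluate(parse(STACK), case) else "fail")
```
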

