[PLUG] script to verify users credentials using pam on Ubuntu

Lee Marzke on 16 Mar 2011 08:21:55 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] script to verify users credentials using pam on Ubuntu

From: Lee Marzke <lee@marzke.net>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] script to verify users credentials using pam on Ubuntu
Date: Wed, 16 Mar 2011 11:21:50 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org
User-agent: Dynamic Internet Messaging Program (DIMP) H3 (1.0)

Hi,

I've got a requirement for a web application to verify each usersidentity ( e.g. pass the username and

password to a script ,  and have the script return pass/fail )

I've got likewise open installed that has pam libraries thatauthenticate users fine, so authenticationis working for login to the Linux box via ssh, etc., but I need thescript to just pass the auth paramaters

to pam and get pass/fail.

All the pam stuff seems to be installed and working, for example hereis the config file.


/etc/pam.d/common-auth
=====================
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_lsass.so try_first_pass
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
=====================


use case:

I'm just trying to authenticate web users against AD, but the ADserver requires a bind before I can verifyuser password. So on a windows box I have a script that work ( and thebind isn't enforced )

I though joining Ubuntu to the domain ( with Likewise Open) would fixthis , but it hasn't ) . So I'm now looking

for a way to use the Likewise pam modules to verify the user credentials.


--

Lee Marzke <lee@marzke.net>

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] script to verify users credentials using pam on Ubuntu
  - From: Matt Mossholder <matt@mossholder.com>
- Re: [PLUG] script to verify users credentials using pam on Ubuntu
  - From: Sean Finney <seanius@seanius.net>

Prev by Date: [PLUG] Software Engineering Position - WineAccess.com in Narberth, PA
Next by Date: Re: [PLUG] script to verify users credentials using pam on Ubuntu
Previous by thread: [PLUG] Software Engineering Position - WineAccess.com in Narberth, PA
Next by thread: Re: [PLUG] script to verify users credentials using pam on Ubuntu
Index(es):
- Date
- Thread