accessing telnet/ssh Server IP address information within PAM module.. HOW?

R Mruthyunjaya mutthuraj at yahoo.com
Thu Sep 29 23:47:35 UTC 2005


Here's the problem:

I have a multihomed Linux machine with 10 logical IP addresses attached to a NIC interface eth0.
Within my PAM module, I need to know the IP address used to access this machine.
If the IP address used is that of eth0, I will pass control to the pam_unix module for authentication.
If the IP address used is a logical IP address, I do my own authentication.

For example:
         telnet <eth0>
         telnet <logicalIp1>
Both of these telnet commands from a telnet client will lead to my Linux machine. I need to read the IP address used (eth0 or logicalip1 in the above example) within the PAM module.
 
Here's the system-auth file:

auth        required      /lib/security/$ISA/pam_env.so
auth        [success=done new_authtok_reqd=done try_again=done default=ignore]   /lib/security/pam_edisession.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

 
 
pam_edisession.so is my module, where I am trying to capture the login info based on which IP address was used.
I am also attaching the test C code for this module. At line 161, I wanted the logic for accessing the IP address used, which is commented out right now!

Please let me know if there is any other way to accomplish this task.

Another approach, which is not foolproof, was that I swapped Lines 2 and 3 in the system-auth file above so that pam_unix does the authentication first and, if it fails, it falls through to pam_edisession, where I want to access the username/passwd already used (without prompting again) to do my own authentication. In this case, I don't need the info about which IP address was used.
But I couldn't access the passwd with the
 pam_get_item(pamh, PAM_AUTHTOK, (const void **) &item);
call.

thanks
Mutu


		
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_edisession.c
Type: text/x-csrc
Size: 7380 bytes
Desc: 1551210501-pam_edisession.c
URL: <http://listman.redhat.com/archives/pam-list/attachments/20050929/68cfd30d/attachment.bin>
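
How a server-side process can tell which local address a client connected to, as an added example that is not part of the original post or of the attached pam_edisession.c: getsockname() on the connected socket returns the local endpoint of that connection. It assumes the code can reach the connection's socket descriptor (a service started from inetd has it on fd 0; a module running in login behind a telnetd pty does not); used_primary_addr and demo are hypothetical names, and the loopback addresses are constructed sample input.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1: client connected to `primary` (hand off to pam_unix); 0: some other
 * local address (own authentication); -1: fd is not a connected IPv4
 * socket, so the address is unknown and the caller should fail closed. */
int used_primary_addr(int fd, const char *primary)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    char ip[INET_ADDRSTRLEN];
    memset(&sa, 0, sizeof sa);
    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0) return -1;
    if (sa.sin_family != AF_INET) return -1;
    if (!inet_ntop(AF_INET, &sa.sin_addr, ip, sizeof ip)) return -1;
    return strcmp(ip, primary) == 0;
}

/* Constructed loopback demo (assumption): connect to `dst`, classify the accepted socket. */
int demo(const char *dst, const char *primary)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    int rc = -1, c = -1, s = -1, l = socket(AF_INET, SOCK_STREAM, 0);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);      /* port 0: kernel picks one */
    if (l < 0 || bind(l, (struct sockaddr *)&a, sizeof a) || listen(l, 1) ||
        getsockname(l, (struct sockaddr *)&a, &len)) goto out;
    if (inet_pton(AF_INET, dst, &a.sin_addr) != 1) goto out;
    c = socket(AF_INET, SOCK_STREAM, 0);
    if (c < 0 || connect(c, (struct sockaddr *)&a, sizeof a)) goto out;
    if ((s = accept(l, NULL, NULL)) >= 0) rc = used_primary_addr(s, primary);
out:
    if (s >= 0) close(s);
    if (c >= 0) close(c);
    if (l >= 0) close(l);
    return rc;
}

int main(void)
{
    printf("%d %d\n", demo("127.0.0.1", "127.0.0.1"), demo("127.0.0.2", "127.0.0.1"));
    return 0;
}
```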

