writing custom pam!!!

Jason Gerfen jason.gerfen at scl.utah.edu
Thu Jun 14 12:46:43 UTC 2007


I think your question is quite difficult to understand as the
implementation of your authentication needs is not clearly stated. I am
not sure I understand what you mean by OTP? Is this OTP a service? Does
it accept arguments such as username and password? I need some
clarification on these bits to help further.

There are currently many PAM modules which can be used to authenticate a
fairly wide variety of services (radius, kerberos, ldap etc.) and you
could simply implement one that suits your needs if one exists currently.

If you are looking for existing modules to authenticate using the PAM
libraries I would recommend looking here ->
http://www.kernel.org/pub/linux/libs/pam/modules.html

If you are looking to develop a stand alone PAM module to perform your
authentication I would recommend reading up on PAM development here ->
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_MWG.html

Jas

lisa laam wrote:
> Hi,
> 
> 
> I have a trainee.
> -I have to write a module which should be able to authenticate users
> with username and password concatenated to OTP (One Time Password)
> rather than only password.
> - this module should be able to authenticate first the user within
> Active Directory and then validate the OTP.
> -The module that validates the OTP is a Servlet (JAVA module), and I should
> use it for OTP validation.
> 
> -what I should implement is a proof of concept.
> 
> -After studying the different AAA (radius, kerberos, ..) servers, I
> propose to use Freeradius to integrate this module for remote access
> (for a simple proof of concept). My choice was based on the fact that
> the Radius protocol is highly supported.
> -For web access I thought of writing a module (PAM module) for an Apache
> Server. Your comment?
> 
> -The first problem is that I have only two months left to implement one
> of the two solutions (Apache or Radius) so I should choose rapidly.
> Which of the two is easiest to implement?
> - the second problem is that this is the first time I deal with
> Freeradius, PAM, Apache.
> 
> my questions are :
> 
> 2- if I used Freeradius, then what would be easy and rapid to implement:
> a PAM module or using JRadius (I tried to install the JRadius patch, but
> didn't succeed)? Do you advise JRadius (I thought about JRadius
> because the OTP validation programme is written in JAVA)?
> 3- about PAM modules, I understand that we could use this independently
> from the Freeradius Server. Is this true? Would it be easier and faster to
> implement a standalone PAM?
> 
> please need your advice. help me to choose :
> 
> - Freeradius+ PAM or
> - Freeradius+ JRadius or
> - Freeradius+ what ? or
> - Apache + PAM or
> - standalone PAM ?? or
> - what
> 
> thanks in advance
> 
> 
> Lisa
> 
> 


-- 
Jason Gerfen
jason.gerfen at scl.utah.edu

University Of Utah
Marriott Library


"It's not my problem... Wooo Hooo!"
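
Added example, not part of either message above: a C sketch of the core check the quoted question describes, splitting "password concatenated to OTP", verifying the password first and the OTP second, and failing closed. Assumptions: a fixed 6-digit numeric OTP at the end of the token, and hypothetical callbacks (check_password, check_otp) standing in for the Active Directory check and the Java OTP servlet; in a real PAM module this logic would be called from pam_sm_authenticate.

```c
#include <ctype.h>
#include <string.h>

#define OTP_LEN 6   /* assumption: fixed-length numeric OTP appended to the password */
#define MAX_TOK 256 /* assumption: upper bound on the combined token length */

enum auth_result { AUTH_OK, AUTH_BAD_FORMAT, AUTH_BAD_PASSWORD, AUTH_BAD_OTP };
typedef int (*check_fn)(const char *user, const char *secret); /* 1 = accepted */

/* Zero a buffer through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Split "password" + "OTP": the tail must be OTP_LEN digits, the password non-empty. */
static int split_token(const char *tok, char *pw, char *otp) {
    size_t len = strlen(tok), pw_len;
    if (len <= OTP_LEN || len >= MAX_TOK) return -1;
    pw_len = len - OTP_LEN;
    for (size_t i = pw_len; i < len; i++)
        if (!isdigit((unsigned char)tok[i])) return -1;
    memcpy(pw, tok, pw_len);
    pw[pw_len] = '\0';
    memcpy(otp, tok + pw_len, OTP_LEN + 1); /* copies the terminating NUL too */
    return 0;
}

/* Password backend first, OTP validator second; fail closed and wipe the copies. */
enum auth_result authenticate(const char *user, const char *tok,
                              check_fn check_password, check_fn check_otp) {
    char pw[MAX_TOK], otp[OTP_LEN + 1];
    enum auth_result r = AUTH_BAD_FORMAT;
    if (user && tok && split_token(tok, pw, otp) == 0) {
        if (!check_password(user, pw)) r = AUTH_BAD_PASSWORD;
        else if (!check_otp(user, otp)) r = AUTH_BAD_OTP;
        else r = AUTH_OK;
    }
    wipe(pw, sizeof pw);
    wipe(otp, sizeof otp);
    return r;
}

/* Constructed stand-ins for the directory check and the OTP servlet call. */
int otp_calls = 0;
int demo_password(const char *u, const char *s) { (void)u; return strcmp(s, "s3cret") == 0; }
int demo_otp(const char *u, const char *s) { (void)u; otp_calls++; return strcmp(s, "123456") == 0; }

int main(void) { return authenticate("alice", "s3cret123456", demo_password, demo_otp); }
```

The OTP validator is only contacted after the password check succeeds, so a wrong password never consumes or probes a one-time code.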