Local address from PAM module?
Jason DiCioccio
geniusj at gmail.com
Tue Sep 28 18:23:45 UTC 2004
On Tue, 28 Sep 2004 19:12:35 +0100 (BST), Jason Clifford
<jason at ukpost.com> wrote:
> On Tue, 28 Sep 2004, Jason DiCioccio wrote:
>
> > Thanks for the response. This module is actually designed for boxes
> > that have quite a few IPs bound to them. I need to know what address
> > the client is connecting to on the box. For example, I could have a
> > box with 10.1.1.1 and 10.1.1.2 bound to it. If you connect to my
> > server, I need to know if you're connecting to 10.1.1.1 or 10.1.1.2,
> > this is part of our authentication. Is there a way for me to find
> > this out?
>
> This seems to be a matter for the application rather than PAM - certainly
> that's how I've always implemented such requirements.
>
> For example one of my apache servers, which does virtual hosting, uses
> PAM to authenticate multiple sites - each from a different PAM
> configuration. All I have to do is to ensure that I have mod_auth_pam
> altered a little so the configuration is user selectable and then list the
> relevant configuration in the access control definitions within apache.
>
> Similarly your application's calls to PAM should set the service to use
> based upon the data it knows.
>
> Jason Clifford
> --
> UKFSN.ORG Finance Free Software while you surf the 'net
> http://www.ukfsn.org/ ADSL Broadband from just £22.50 / month
>
>
Thanks Jason (wow, there's a lot of Jasons).. This was unfortunately
the answer I was expecting. The reason behind the PAM module is so
that we wouldn't have to modify the code for our various services each
time we wanted to upgrade them. However, I suppose adding a couple of
lines to the code is still a lot better than having to add ~200 lines.
Thanks!
Jason DiCioccio
More information about the Pam-list
mailing list