license checking in PAM
Fredrik Tolf
fredrik at dolda2000.com
Sat Dec 23 22:14:20 UTC 2006
On Fri, 2006-12-22 at 11:34 -0800, Marcin Krzysztof Porwit wrote:
> I'm working on a pam module for a commercial product, and as part of the
> pam_sm_authenticate call, my module does a license check -- to make sure
> the product is licensed, the license is not expired, and the like. I'm
> trying to find a facility that will let me communicate some information
> about the license status to the user attempting the login -- either
> saying that there are X days remaining on the license, or that the
> authentication failed due to license expiration issues.
>
> So far I'm not finding a mechanism for passing this back to the caller.
> Does such a beast exist?
To begin with, can you not use PAM_TEXT_INFO conversation messages for
that?
However, I think you are mistaken about the entire procedure, since the
user probably couldn't care less about any license issues. The one to
care for such things would be the sysadmin, no? Therefore, I would
suggest optionally installing a cron script or similar to do periodic
license checks and mail the administrator if necessary (if you really
feel that you cannot simply rely on the syslog), rather than bothering
the user unnecessarily.
HTH,
Fredrik Tolf
More information about the Pam-list
mailing list