ruddy

Reputation: 145

Linux custom authentication with pam_exec

I'm having trouble finding an example of how to use pam_exec to run an external program that will authenticate users when they log in.

I have the following in my pam.d file:

auth required pam_exec.so debug log=/tmp/aa /path/to/myscript

What should my script contain to allow or disallow authentication?

Upvotes: 6

Views: 6766

Answers (2)

Martin Jeřábek

Reputation: 21

In reaction to the above comment: In my case, the auth script was OK, but PAM failed at the account stage:

authentication: pam_unix(postgresql:account): could not identify user (from getpwnam(myuser))

This is logged to syslog (if you are tinkering with PAM in Docker, pass -v /dev/log:/dev/log to docker run to see the PAM syslog messages in the host's syslog).

The solution was to add the following to the pam.d file:

account sufficient pam_permit.so

Upvotes: 2

Alexander

Reputation: 41

pam_exec will simply examine the exit code of your script. If it is not equal to zero, you will be denied authorization.

Upvotes: 4
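An added example, not part of the question or of either answer: one way /path/to/myscript could turn a credential check into the exit code pam_exec examines, denying on every unexpected condition. It assumes the pam.d line also carries pam_exec's expose_authtok option so the password arrives on stdin; the function names, `verify_backend` and the demo account are constructed for illustration.

```shell
#!/bin/sh
# Assumed pam.d line (expose_authtok added to the one in the question):
#   auth required pam_exec.so expose_authtok debug log=/tmp/aa /path/to/myscript

# Constructed stand-in for the real check (LDAP bind, API call, ...).
# It accepts one made-up account; replace the body with your backend.
# Keep the password out of external command arguments, which are
# visible in the process list, and never write it to the log.
verify_backend() {
    [ "$1" = "demo-user" ] && [ "$2" = "correct-horse-demo" ]
}

# Returns 0 to allow and non-zero to deny.
pam_exec_auth() {
    # pam_exec exports PAM_TYPE; only the auth stage carries a password.
    [ "${PAM_TYPE:-}" = "auth" ] || return 1

    # PAM_USER is supplied by the person logging in: accept only a
    # conservative character set before handing it to anything else.
    user=${PAM_USER:-}
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#user}" -le 32 ] || return 1

    # Read all of stdin rather than one line: the password is not
    # guaranteed to end in a newline. Drop a NUL terminator if present.
    password=$(tr -d '\000') || return 1
    [ -n "$password" ] || return 1

    verify_backend "$user" "$password" || return 1
    return 0
}

# Under pam_exec, PAM_TYPE is set: run the check and exit with its result.
# Without it, the file only defines the functions, so it can be sourced.
if [ -n "${PAM_TYPE+set}" ]; then
    pam_exec_auth
    exit $?
fi
```

With `required` on the auth line, a non-zero exit fails the stack. The account stage is evaluated separately, as the first answer describes.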
