#61 PAM authentication

Reporter MattJ
Owner MattJ
Created
Updated
Stars ★★★★ (5)  
Tags
  • Type-Enhancement
  • Status-Started
  • Priority-Medium
  1. MattJ on

    Support for authentication via PAM

  2. MattJ on

    Started this, but couldn't get a simple PAM test application to work. Someone with more PAM experience (not necessarily from a coding point of view) please step up to help me.

    Changes
    • tags Milestone-0.6
  3. MattJ on

    Pushing back to 0.7. Again, someone who is familiar with PAM would be appreciated :)

    Changes
    • tags Milestone-0.6 Milestone-0.7
  4. MattJ on

    This can be closed by the new Cyrus SASL patch which is pending review/integration and due for for 0.7.

    Changes
    • tags Status-Started
  5. torsten.raudssus on

    Native PAM is required, ticket stays open <smile> Native support is important to stay independent of anything around. Many people would like to have a specific structure which probably not involve a Cyrus SASL (beside that I personally had only totally bad experiences with Cyrus SASL). Also it is important for being simple.

  6. MattJ on

    Removing the 0.7 milestone on this (0.7 is overdue), will be considered for 0.8.

    Changes
    • tags Milestone-0.7
  7. normanr on

    What about supporting jabberd2's pipe-auth [1], it's pretty basic, you spawn a subprocess on start, and send it username & base64 encoded password, and it returns OK or NO. Shelling out to a subprocess also means only the subprocess that checks passwords has grp:shadow and not the entire daemon. [1] http://www.cpan.org/authors/id/N/NJ/NJH/jabberd-authpipe-pam-0.1.pl

  8. normanr on

    forgot the very simple example flow (password encoding is base64): http://codex.xiaoka.com/svn/jabberd2/trunk/docs/dev/c2s-pipe-authenticator

  9. coldguy on

    Doesn't seem to me like native PAM is important, I've been happily doing PAM auth via Cyrus for months now. Maybe some documentation is in order?

  10. MattJ on

    Unfortunately the complexity of Cyrus SASL is more than I would like to recommend to the vast number of people who already use PAM for other things. The documentation does mention that PAM is supported by Cyrus SASL, but if you see something specific that could be improved let me know. In the meantime a native PAM backend is certainly on the todo list, but not high priority.

  11. devurandom@gmx.net on

    I am using attached authentication module to handle PAM. It uses my lua-pam [1] Lua module. [1] https://github.com/devurandom/lua-pam

    Attachments
  12. devurandom@gmx.net on

    I see you have been working on this. Any news regarding merging my new version in its entirety?

  13. Dennis Schridde on

    mod_auth_pam in current prosody-modules is still broken and unusable. The version attached here almost two years ago is still an improvement to the current version, compatible to current Prosody 0.10. Is there any reason why it has not yet been merged? Does it need improvement in any way?

New comment