forked from mricon/pam_url
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
38 lines (26 loc) · 1.4 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
pam_url - authenticate with webservers
### Debian build
apt-get install libconfig-dev libcurl4-openssl-dev libpam0g-dev
make
make install
This software is opensource software licensed under the GNU Public License version 2.
The author of this software is Sascha Thomas Spreitzer <sspreitzer (at) fedoraproject.org>.
http://spreitzer.name/
https://fedoraproject.org/wiki/User:Sspreitzer
USE THIS SOFTWARE WITH ABSOLUTELY NO GUARANTEE AND WARRANTY
/etc/pam.d/sshd or /etc/pam.d/system-auth:
[...]
auth sufficient pam_url.so [debug] [config=/etc/pam_url.conf]
[...]
This line forms the following url encoded POST data:
user=<username>&passwd=<pass>&mode=<PAM_AUTH|PAM_ACCT|PAM_SESS|PAM_PASS>&PSK=secret&do=auth
It should return either 200 OK with PSK in the body or 403 Forbidden if unsuccessful.
You can additionally set the following options:
use_first_pass Use the password previously used in the pam stack
prepend_first_pass Prepend the password previously used in the pam stack
(This is a handy option in totpcgi deployments when you want
to be able to pass both the password and the token code to the
verification server. It's probably not useful for any other
purpose.)
Please take a look inside the examples directory.
Please read the COPYING, INSTALL and AUTHOR files as well.