1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#!/bin/bash
echo "$0: $PAM_TYPE $PAM_USER"
if [ "$PAM_TYPE" == 'auth' ] ; then
if [ "$PAM_SERVICE" = 'web2' ] ; then
PAM_FILE="/etc/pam-auth2/$PAM_USER"
else
PAM_FILE="/etc/pam-auth/$PAM_USER"
fi
if ! [ -f $PAM_FILE ] ; then
echo "No [$PAM_FILE] for user [$PAM_USER]" >&2
exit 2
fi
# For auth, we compare the passwords
read PASSWORD
read CHECK_PASSWORD < $PAM_FILE
if [ "$PASSWORD" == "$CHECK_PASSWORD" ] ; then
echo "$0: auth [$PAM_USER] ok"
exit 0
fi
echo "Provided password [$PASSWORD] does not match expected [$CHECK_PASSWORD]" >&2
exit 3
fi
if [ "$PAM_TYPE" == 'account' ] ; then
if [ "$PAM_SERVICE" = 'web2' ] ; then
PAM_FILE="/etc/pam-account2/$PAM_USER"
else
PAM_FILE="/etc/pam-account/$PAM_USER"
fi
if ! [ -f $PAM_FILE ] ; then
echo "No [$PAM_FILE] for user [$PAM_USER]" >&2
exit 2
fi
# For account check, existing file is enough to allow access
echo "$0: account [$PAM_USER] ok"
exit 0
fi
echo "Unsupported PAM_TYPE [$PAM_TYPE]" >&2
exit 4
|
