File: README

package info (click to toggle)
pam-dbus 0.2-1
  • links: PTS
  • area: main
  • in suites: squeeze
  • size: 1,528 kB
  • ctags: 184
  • sloc: sh: 9,007; python: 59; ansic: 43; makefile: 22
file content (67 lines) | stat: -rw-r--r-- 2,134 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
pam-dbus
========

This simple pam module will, when being used to authenticate a (typically 
remote) user, use dbus to ask any currently logged in (typically local)
user if that is ok.

It connects to the object "de.nomeata.pam_dbus" at the path "/de/nomeata/pam_dbus",
expecting the "de.nomeata.pam_dbus" interface and then call the method "MayLogin".
It passes four strings (service, user, rhost, ruser), some of which might be NULL
and expectes one boolean value, which should be true if the remote user may login.

It has a timeout of 5 minutes after which the UI may stop waiting for a reply.

Configuration
=============

If you want all access to a certain service, (e.g ssh) to be handled by pam_dbus,
replace pam_unix (or @include common-auth on Debian systems) by

>>>>>>>>>snip
auth required pam_dbus.so
<<<<<<<<<<snip

in /etc/pam.d/ssh.

A more advanced configuration can be achieved with pam_succeed_if. The following
snippet, if put instead of "@include common-auth", will make all login requests 
for the user "gast" be handled by libpam_dbus, while every other request will be
handled as usual:

>>>>>>>>>snip
# gast may login using pam-dbus
auth [default=2 success=ignore] pam_succeed_if.so quiet user = gast
auth [success=ok new_authtok_reqd=done ignore=ignore default=die] pam_dbus.so
auth [default=1] pam_permit.so

# Standard Un*x authentication.
@include common-auth
<<<<<<<<<<snip

Note that you need to set "UsePAM yes" in /etc/ssh/sshd_config to make this actually
work.

DBus-Interface
==============

<?xml version="1.0" encoding="UTF-8" ?>

<node name="/de/nomeata/pam_dbus">

  <interface name="de.nomeata.pam_dbus">
    <method name="MayLogin">
      <arg type="s" name="service" direction="in" />
      <arg type="s" name="user" direction="in" />
      <arg type="s" name="rhost" direction="in" />
      <arg type="s" name="ruser" direction="int" />
      <arg type="b" name="login_ok" direction="out" />
    </method>
  </interface>
</node>

Credits
=======

pam_dbus was written by Joachim Breitner <mail@joachim-breitner>, during DebConf8,
having an application on the OpenMoko Freerunner in mind.