On Thu, 22 Jan 2004 10:12:01 -0500, Stephen Gran wrote:
> PAM has a rather large number of plugins that can help in this
> situation. It depends on how you want to do it - I use LDAP, some
> people use a database backend, some people just use a flat file, if the
> number of users is small. There are pam modules for each of these, as I
> understand it. pam_unix (the module that authenticates against a unix
> account) is only one way of many to authenticate users.
I'd looked through the PAM documentation, and it does seem as if this
should allow authentication without an account. What I can't find in
the documentation, however, is how to set up new users and passwords.
Where does PAM look for usernames and their passwords? A simple flat
file is sufficient for my needs.
On top of this, Apple seems to have customized their PAM setup, which
complicates things. There is no pam.conf file anywhere. My PAM service
file for pop3 (borrowed from the ftp one) looks like
auth sufficient pam_securityserver.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
"pam_securityserver.so" seems to be an Apple invention; it's not listed
among the PAM modules in the PAM docs. So I'm in need of yet further
documentation. The only PAM modules I have available are:
pam_deny.so
pam_netinfo.so
pam_nologin.so
pam_permit.so
pam_rootok.so
pam_securetty.so
pam_securityserver.so
pam_unix.so
pam_uwtmp.so
pam_wheel.so
> Hope that helps some.
Yes, it does actually, thank you very much. PAM seems to be the
mechanism I need, I'm just a bit short on facts to get it working.
Best Regards,
Brad
