Hi list,

For about a month I have been trying to find a way to build a Unix app so that
users are correctly recognised whatever authentication mechanism (Password
Server or NetInfo) they use.

The solution was actually obvious (maybe too obvious, I didn't expect it to
work)... You have to use PAM.

I have built a fink package for uw-imap which works well under Jaguar Server
but I had to modify the source code though I am pretty sure it was not
necessary. 

There is a uwimap source file called ckp_pam.c which is responsible for PAM
authentication:

struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[])
{
  pam_handle_t *hdl;
  struct pam_conv conv;
  struct checkpw_cred cred;
  conv.conv = &checkpw_conv;
  conv.appdata_ptr = &cred;
  cred.uname = pw->pw_name;
  cred.pass = pass;
  if ((pam_start ((char *) mail_parameters (NIL,GET_SERVICENAME,NIL),
                  pw->pw_name,&conv,&hdl) != PAM_SUCCESS) ||
      (pam_set_item (hdl,PAM_RHOST,tcp_clientaddr ()) != PAM_SUCCESS) ||
      (pam_authenticate (hdl,NIL) != PAM_SUCCESS) ||
      (pam_acct_mgmt (hdl,NIL) != PAM_SUCCESS) ||
      (pam_setcred (hdl,PAM_ESTABLISH_CRED) != PAM_SUCCESS)) {
                                /* clean up */
    pam_setcred (hdl,PAM_DELETE_CRED);
    pam_end (hdl,PAM_AUTH_ERR); /* failed */
    return NIL;
  }
  pam_end (hdl,PAM_SUCCESS);    /* return success */
  
  return pw;
}

My problem is that if I log in as unixuser, after the pam_start call,
pw->pw_name becomes root and the pop/imap server refuses to log me in.

An easy way to work around the problem consists of adding a
  pw = pwuser (usr); /* restore original pw */
statement just before the "return pw;" line, in order to get back the
original pw structure.

However, I am pretty sure there is a better way to do it. Is there a PAM
guru out there who could explain to me how to solve this problem?

My imap and pop pam.d files look like this (they are copies of pam.d/login):

auth       required       pam_nologin.so
auth       sufficient     pam_securityserver.so
auth       sufficient     pam_unix.so
auth       required       pam_deny.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_uwtmp.so

Thanks in advance,

Antoine
 
--------------------------------
Antoine Duchateau              /   ___     __
Abaque sprl                   /   /   |   / /_   ____ _ ____ _ __  __ ___
Av. Louis Dehoux, 25         /   / /| |  / __ \ / __ `// __ `// / / // _ \
1160 Brussels - Belgium     /   / ___ | / /_/ // /_/ // /_/ // /_/ //  __/
email: [EMAIL PROTECTED]        /   /_/  |_|/_.___/ \__,_/ \__, / \__,_/ \___/
phone: +32 2 675 33 33    /                             /_/
--------------------------------------------------------------------------




_______________________________________________
Fink-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-devel
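
One defensive pattern for the symptom described in the message above, as an added example that is not part of the original post and not uw-imap code. It assumes the `pw` handed to `checkpw` points at the static buffer returned by `getpwnam()`, which POSIX allows any later `getpw*` call (for instance one made inside a PAM module) to overwrite; `pw_snapshot`, `pw_snapshot_take`, `clobber_static_passwd` and `snapshot_survives` are hypothetical names.

```c
#define _XOPEN_SOURCE 700
#include <pwd.h>
#include <string.h>
#include <sys/types.h>

/* Caller-owned copy of the passwd fields a mail daemon needs after login.
 * Hypothetical type for this example; not part of uw-imap. */
struct pw_snapshot {
  char name[128];
  char dir[512];
  uid_t uid;
  gid_t gid;
};

/* Look up `user` with the reentrant getpwnam_r() and copy the result into
 * caller-owned storage. Returns 0 on success, -1 if the user is unknown,
 * the lookup fails, or a field does not fit. */
int pw_snapshot_take (const char *user, struct pw_snapshot *out)
{
  struct passwd pwd, *res = NULL;
  char buf[4096];               /* scratch space for the entry's strings */
  if (getpwnam_r (user, &pwd, buf, sizeof buf, &res) != 0 || res == NULL)
    return -1;
  if (strlen (res->pw_name) >= sizeof out->name ||
      strlen (res->pw_dir) >= sizeof out->dir)
    return -1;                  /* refuse to truncate an identity */
  strcpy (out->name, res->pw_name);
  strcpy (out->dir, res->pw_dir);
  out->uid = res->pw_uid;
  out->gid = res->pw_gid;
  return 0;
}

/* Stand-in (assumption) for a lookup done inside an authentication module:
 * any getpw* call may reuse the static buffer behind getpwnam(). */
void clobber_static_passwd (void)
{
  (void) getpwuid (0);
}

/* Returns 1 if the snapshot still names `user` after the static buffer has
 * been reused, 0 otherwise. */
int snapshot_survives (const char *user)
{
  struct pw_snapshot snap;
  if (pw_snapshot_take (user, &snap) != 0)
    return 0;
  clobber_static_passwd ();
  return strcmp (snap.name, user) == 0;
}
```

Taking the snapshot before `pam_start` and using it for the later uid/gid and home-directory decisions keeps the authenticated identity independent of whatever lookups the PAM stack performs.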
