Hi folks,

I had a need to do authentication using the shadow suite rather than using PAM, because the system where I was using it didn't support PAM. I then wrote a small C program that did authentication using the shadow suite, and used it as the --auth-user-pass-verify argument. But I didn't like this setup because I had to run openvpn as root, and couldn't drop the privileges anymore, losing some of its security.

I then wrote this plugin, which is heavily based on the auth-pam and down-root plugins, to do either shadow or passwd authentication. Some systems, such as the majority of the BSD systems, use a wrapper around the old function that does the authentication, getpwnam(3), so the plugin authenticates using it. In other systems (the majority of Linux distributions and AFAIK Sun), the shadow suite is used, with the function getspnam(3). As there isn't an easy way to check if the system uses passwd or shadow authentication, it must be defined as a compiler directive in the Makefile.

Right now I have tested it on a Slackware 10.2 box, on OpenBSD 3.8 and on a Red Hat based distro called Conectiva 10.0. It's here for you to test and, whether it works or not, please send some reports. The file must be decompressed under the openvpn-2.0.X directory; it will then create a directory under the plugin, called auth-passwd. Read the README and alter the Makefile to suit your needs.

Thanks in advance,

--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
auth-passwd.tar.gz
Description: file
aa90d098d4300d45c4e78929e1de6859 auth-passwd.tar.gz
signature.asc
Description: OpenPGP digital signature
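
The compile-time choice between getpwnam(3) and getspnam(3) described in the message, followed by the crypt(3)-style comparison, as an added example that is not the plugin's own code. The macro name `USE_SHADOW` and all function names are assumptions made for illustration; the hashing function is passed in so the logic can be exercised without linking libcrypt.

```c
#include <pwd.h>
#include <string.h>
#ifdef USE_SHADOW   /* hypothetical macro name; build with -DUSE_SHADOW */
#include <shadow.h>
#endif
/* Same signature as crypt(3); callers pass crypt itself (link -lcrypt if needed). */
typedef char *(*hash_fn)(const char *key, const char *setting);

/* Stored hash from the database chosen at compile time, or NULL if the user
 * is unknown or the shadow file is unreadable (getspnam usually needs root). */
const char *lookup_hash(const char *user)
{
#ifdef USE_SHADOW
    struct spwd *sp = getspnam(user);
    return sp ? sp->sp_pwdp : NULL;
#else
    struct passwd *pw = getpwnam(user);
    return pw ? pw->pw_passwd : NULL;
#endif
}

/* Empty means "no password"; "x", "*" and a leading "!" mark shadowed,
 * disabled or locked entries. None of these may authenticate anyone. */
int hash_usable(const char *stored)
{
    if (stored == NULL || stored[0] == '\0') return 0;
    if (stored[0] == '!' || stored[0] == '*') return 0;
    return strcmp(stored, "x") != 0;
}

/* Compare without stopping at the first differing byte. */
int same_string(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* 1 only if hashing the password with the stored setting reproduces it.
 * Typical call: verify_password(lookup_hash(user), password, crypt). */
int verify_password(const char *stored, const char *password, hash_fn hash)
{
    const char *computed;
    if (!hash_usable(stored) || password == NULL) return 0;
    computed = hash(password, stored);  /* may be NULL on failure */
    return computed != NULL && same_string(computed, stored);
}
```

Because getspnam(3) normally requires root to read the shadow file, the lookup has to happen in a process that still holds that privilege, which is the constraint the message describes.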