Writting PAM Module for custom authentication?
I have been scouring the net for quite a while now trying to find good tutorials (specifically tutorials) on writting PAM modules. I have found tons of good examples, and lessons of how and what a PAM module does.
I have found one tutorial on writting a PAM module which doesn't go into detail of using system resources, drawing from libraries etc.
The client setup is a SuSE 9.0 default installation with all patches etc.
The environment is Windows, Kerberos & Active directory. I know what needs to be done but what I need to know is if a PAM module has to be written in C++ or C, vs. something like Perl or a sh/bash script.
Without having a local user setup but having an entry in AD & Kerberos I recieve and error that the kerberos authentication fails due to no UID/GID which is present in LDAP but not Kerberos. Example:
Kerberos sees username and password -> OK
LDAP sees username and looks for UID,GID,Home Dir., & Shell -> No UID/GID
Everytime Kerberos looks at the local /etc/passwd & /etc/shadow files for authentication informaiton and if there is not an entry it will not authenticate.
What I need is a way to point the pam_krb.c file to something other than the local accounts (that is without using the *K* in the /etc/shadow file trick).
Any help, resources, examples, tutorials, sanity & code examples are appreciated.
|