Access Control database using pam-pgsql?
I am running Debian woody and am trying to setup an access control database using the pam module pam_pgsql.so and PostgreSQL. I am testing the system using Apache 1.3. Basic functionality is working:
Apache PAM DSO loaded and configured
pam-pgsql working and configured
pam-pgsql called by /etc/pam.d/httpd
PostgreSQL simple user database working, configured, filled w/ test users
Apache authenticating correctly using pam-pgsql --> PostgreSQL database
My aim is:
I want to have a single user database that I can edit to give different users access to different services. I want to put a web front-end to this database where I can add/remove/edit users and grant/revoke access to different services w/ simple check boxes.
The trouble is:
Right now pam_pgsql does not support authentication by group (as far as I know) so I can't just make users in the database members of groups samba, apache or what have you. In order to have per service authentication, I would have to maintain a separate table for each service. This is clunky, and the point of this project is to consolidate everything so I don't have 20 password databases in different places with different formats that all need to be synced w/ shadow. Solliciting solutions!
Much obliged,
Johnny
|