[dokuwiki] Re: using Pluggable Authentication Modules to authenticate users ?

  • From: "Michael Edwards" <miedward@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Fri, 4 Aug 2006 10:02:34 -0500

Is it secure/a Good Idea to use the local machine accounts in a web environment?

If so, I will certainly try this out as a simpler way to get to my
ldap information.

On 8/4/06, Dave Kliczbor <maligree@xxxxxx> wrote:
hi there,

Sebastien Sacard wrote:
> I want to authenticate users using PAM (Pluggable Authentication
> Modules). I've been through the mailing list and the forum, and it seems
> that nobody has ever done that.

I did it.

I implemented a hybrid PAM/plain text auth backend, relying heavily on
the plain text auth class. PAM users always have higher priority over
plain text users; to avoid conflicts, you could set a regex pattern only
allowing certain user name patterns for fresh users. The system groups
are imported, but aren't editable from dokuwiki. PAM users could be put
into a dokuwiki group and dokuwiki users could be put into a PAM group,
saving the data in the plain text backend.

It's no problem to use this auth backend for PAM users only, simply
disallow anyone to register ;)

You could download the backend class here:
http://fsinfo.cs.uni-dortmund.de/~dave/pamplain.class.php.txt
(don't forget to rename it to pamplain.class.php ;)

My code is not that complete nor well-tested, it still needs userland
testing and maybe a bit of bug squashing. At the moment, it's only 2
weeks in use and the site has only been launched into the restricted
userland of other students, but it seems to do exactly what I want. No
major glitches found yet.
I'm waiting for your beta test report and comments on how to do it
better ;) ... as of yet, I would call my code "a bit of a hack". In the
end, I will upload it into the dokuwiki wiki. The code still needs a bit
of documentation for that...

Installation: Simply put pamplain.class.php into inc/auth/. Make sure
basic.class.php and plain.class.php are also there and set
 $conf['authtype']    = 'pamplain';
in your conf/local.php. Make sure apache is allowed to do PAM auth!

Oh, and by the way, Andi:
> However because there is no Debian package of php-pam and it's
> not in PEAR/PECL so I never tried it.

apt-get install php4-auth-pam

It's the "simple" version of PAM, i.e. only username/password validation
is implemented. I had to use other means for group management.
I don't know if there is a package for PHP5 out yet, but with
checkinstall you still could create your own from source ;)

cya
 Dave Kliczbor
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
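
The lookup order and the user name pattern for fresh users described in the message above, as an added example that is not part of the original post and not taken from pamplain.class.php. All function names, the pattern and the sample accounts are assumptions; the two callables stand in for a system-account lookup and a PAM check so the sketch runs offline.

```php
<?php
// Added example, not taken from pamplain.class.php. All names are hypothetical.

// Assumed naming rule for self-registered wiki users (constructed).
// \z instead of $ so a trailing newline cannot sneak past the pattern.
const FRESH_USER_PATTERN = '/^wiki_[a-z0-9]{3,24}\z/';

// Returns 'pam', 'plain' or null. $isSystemUser and $pamCheck are callables;
// on a real host they could wrap posix_getpwnam() and pam_auth() from the
// PECL pam extension.
function check_login(string $user, string $pass, callable $isSystemUser,
                     callable $pamCheck, array $plainHashes): ?string
{
    if ($isSystemUser($user)) {
        // PAM has priority: a failed PAM login must not fall through
        // to a plain-text entry that happens to share the name.
        return $pamCheck($user, $pass) ? 'pam' : null;
    }
    $hash = $plainHashes[$user] ?? null;
    return ($hash !== null && password_verify($pass, $hash)) ? 'plain' : null;
}

// A fresh user name must match the pattern and collide with neither store.
function may_register(string $user, callable $isSystemUser, array $plainHashes): bool
{
    return preg_match(FRESH_USER_PATTERN, $user) === 1
        && !$isSystemUser($user)
        && !isset($plainHashes[$user]);
}

// Constructed sample data standing in for PAM and the plain-text user file.
$systemUsers = ['dave' => 'unix-secret'];
$plainHashes = [
    'wiki_anna' => password_hash('anna-secret', PASSWORD_DEFAULT),
    'dave'      => password_hash('shadowed', PASSWORD_DEFAULT), // stale name clash
];
$isSystemUser = fn(string $u): bool => isset($systemUsers[$u]);
$pamCheck     = fn(string $u, string $p): bool =>
    isset($systemUsers[$u]) && hash_equals($systemUsers[$u], $p);

// System account with its PAM password, then with the clashing plain password.
var_dump(check_login('dave', 'unix-secret', $isSystemUser, $pamCheck, $plainHashes));
var_dump(check_login('dave', 'shadowed', $isSystemUser, $pamCheck, $plainHashes));
// Wiki-only account, then two registration attempts.
var_dump(check_login('wiki_anna', 'anna-secret', $isSystemUser, $pamCheck, $plainHashes));
var_dump(may_register('dave', $isSystemUser, $plainHashes));
var_dump(may_register('wiki_bob', $isSystemUser, $plainHashes));
```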
