-
Notifications
You must be signed in to change notification settings - Fork 0
pam module to obtain a proxy delegation from a myproxy store. Actual authentication needs to be done by another pam module
License
msalle/pam_myproxy
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
This software is designed for GNU/Linux with glibc 2.1 or later. Summary: PAM module to obtain a proxy delegation from a myproxy store. Author: Mischa Sall\'e, msalle (at) nikhef (dot) nl License: Apache 2 Dependencies: OpenSSL Description: Provides a PAM module that can obtain a proxy delegation from a MyProxy service. The user should store his credentials using his/her DN as username and a password. The PAM module will ask for the MyProxy password and either store a proxy delegation plus private key in memory for a next PAM module, or write it to disk as PEM file. This PEM file can be used to do actual authentication via e.g. LCMAPS with the planned pam_lcmapsd module. Currently implemented interfaces are: pam_sm_authenticate - retrieves proxy from MyProxy using DN (username) and password pam_sm_acct_mgmt - idem pam_sm_setcred - sets filename as X509_USER_PROXY in user environment or removes file and corresponding data and env variable pam_sm_open_session - sets filename in user environment pam_sm_close_session - removes file and corresponding data and env variable X509_USER_PROXY Options can be given either on the pam commandline or in a config file which can be specified on the pam commandline. Valid options: config - only on commandline: specifies path of config file capath - as understood by openssl cafile - idem hostcert - idem (corresponding to clientcert) hostkey - idem myproxyhost - MyProxy service hostaddress myproxyport - MyProxy service port (default 7512) proxyfmt - formatstring for proxy filename, a %d is replaced by the active username, it should end with XXXXXX following mkstemp() (default /tmp/x509up_XXXXXX) writeproxy - 0 don't write proxy, non-zero write proxy (default 1) lifetime - proxy lifetime in seconds (should be less than 1 billion, default 43200L) keysize - bitsize of keys (default 2048) intern_env - whether to use the pam environment to pass data from pam_sm_authenticate or pam_sm_account to pam_sm_setcred or pam_sm_open_session. This is needed for use with OpenSSH (default 1, i.e. yes). Example: E.g.: auth optional pam_myproxy.so config=/etc/security/pam_myproxy.conf myproxyhost=px.grid.sara.nl Notes: Actual authentication needs to be done by another pam module.
About
pam module to obtain a proxy delegation from a myproxy store. Actual authentication needs to be done by another pam module
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published