pam_sqlite 0.3 review

License: GPL (GNU General Public License)
File size: 11K
Developer: Edin Kadribasic

pam_sqlite allows developers to authenticate users against a table in an SQLite database. pam_sqlite supports checking account information (pam_acct_expired, new_authtok_reqd) and updating authentication tokens.

Compilation & Installation

pam_sqlite is autoconf'ed, thus, compiling should be a matter of:

$ ./configure
$ make
$ make install

Compilation has been tested on RedHat Linux 7.3.

You will need the SQLite library and header files for this module to compile.

See test.c for an example application that authenticates using this module.

Configuration:

For each service that should use the module, edit its file under /etc/pam.d/ (or /etc/pam.conf) and add the relevant lines.

For example:

auth required pam_sqlite.so
account required pam_sqlite.so
password required pam_sqlite.so

Configure the database and table the module should use in the configuration file /etc/pam_sqlite.conf. An example of this file:

database = /etc/sysdb
table = account
user_column = user_name
pwd_column = user_password
expired_column = acc_expired
newtok_column = acc_new_pwreq
debug

expired_column tells PAM if the user account has expired. Set it to '1' or 'y' if it has.
newtok_column tells PAM if the user needs a new password. Set it to '1' or 'y' if it does.

Note that for backwards compatibility with earlier versions, options specified in the configuration file can be supplied as module arguments as well. Module arguments will override the configuration file.

Configuration Options:

database - the database which should be connected to
user_column - the column containing usernames
pwd_column - the column containing the passwords
expired_column - this column should contain '1' or 'y' if the account has expired
newtok_column - this column should contain '1' or 'y' if the user needs to change their password
debug - this is a standard module option that will enable debug output to syslog (takes no values)
pw_type - specifies the password encryption scheme; can be one of 'clear', 'md5', or 'crypt'. Defaults to 'clear' (plaintext).
config_file - specifies the path to a file to read for further configuration options
sql_verify - specifies the SQL template to use when verifying the password for a user
sql_check_expired - SQL template to use when checking for account expiry.
sql_check_newtok - SQL template to use when checking to see if the user needs to change their password.
sql_set_passwd - SQL template to use when updating the password for a user.
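
As an added example (not part of pam_sqlite or the original page), the sketch below resolves the effective options the way the text describes, with the configuration file read first and module arguments overriding it, and reports the password scheme that ends up in effect. The key=value syntax for module arguments, the pw_type argument on the sample PAM line, and all function names are assumptions.

```python
# Added example: resolve effective pam_sqlite options and flag the pw_type in use.
# Assumption: module arguments are key=value tokens or bare flags after pam_sqlite.so.

SAMPLE_CONF = """\
database = /etc/sysdb
table = account
user_column = user_name
pwd_column = user_password
expired_column = acc_expired
newtok_column = acc_new_pwreq
debug
"""

# Constructed PAM line; the pw_type argument is not in the page's example.
SAMPLE_PAM_LINE = "auth required pam_sqlite.so pw_type=crypt"
DEFAULTS = {"pw_type": "clear"}  # default stated in the option list

def parse_conf(text):
    """Parse 'key = value' lines; a bare word such as 'debug' is a flag."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            key, sep, value = line.partition("=")
            opts[key.strip()] = value.strip() if sep else True
    return opts

def parse_module_args(pam_line):
    """Return the options that follow pam_sqlite.so on one PAM line."""
    tokens = pam_line.split()
    for i, tok in enumerate(tokens):
        if tok.endswith("pam_sqlite.so"):
            return parse_conf("\n".join(tokens[i + 1:]))
    return {}

def effective(conf_text, pam_line=""):
    """Defaults, then the config file, then module arguments (which win)."""
    return {**DEFAULTS, **parse_conf(conf_text), **parse_module_args(pam_line)}

def audit(opts):
    # 'crypt' yields no finding here; its strength depends on the stored hash format.
    notes = {"clear": "pwd_column holds plaintext passwords",
             "md5": "MD5 is too fast a hash for password storage",
             "crypt": None}
    pw = opts["pw_type"]
    note = notes.get(pw, "not one of clear, md5, crypt")
    return [f"pw_type={pw}: {note}"] if note else []
```

Run against the page's example file alone, the audit reports the 'clear' default, because that file never sets pw_type.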
