Re: dtlogin

From: Charles Clancy (security@xauth.net)
Date: 12/31/01 

Date: Mon, 31 Dec 2001 16:33:55 -0600 (CST)
From: Charles Clancy <security@xauth.net>
To: Kapetanakis Giannis <bilias@edu.physics.uoc.gr>

> To make it clear what i want to do:
> Allow normal+nis users login via ssh (telnet/ftp whatever)
> Disallow nis users on dtlogin (allow local users)

Attached is a simple PAM module (perhaps PA module would be less
redundant), to what you want. It only lets people in /etc/passwd log in.
Compile, install, and add the following to /etc/pam.conf:

        dtlogin auth required /usr/lib/security/pam_local.so

I'm sure people could suggest lots of improvements, but it works. 

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy

----- pam_local.c -----

/*
**   pam_local <> only lets users from /etc/passwd log in
**   author: t. charles clancy <> tclancy@uiuc.edu
**   to compile:
**        gcc -c pam_local.c -o pam_local.o
**        ld -G pam_local.o -o pam_local.so -lpam
**   to install:
**        cp pam_local.so /lib/security/pam_local.so
**   to use, add the following to /etc/pam.conf:
**        [service] auth required /usr/lib/security/pam_local.so
*/

#define CONST const
#define PAM_SM_AUTHENTICATE

#include <stdio.h>
#include <string.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>

extern int pam_sm_authenticate(pam_handle_t *pamh, \
	int flags, int argc, CONST char **argv) {

	char *user, line[200];
	FILE *h;

	pam_get_user(pamh, &user, NULL);
	h=fopen("/etc/passwd","r+");

	while (!feof(h)) {
		fgets(line,200,h);
		if (strncmp(user,line,strlen(user))==0) \
			return PAM_SUCCESS;
	}

	return PAM_PERM_DENIED;
}

extern int pam_sm_setcred(pam_handle_t *pamh, \
	int flags, int argc, CONST char **argv) {
	return PAM_SUCCESS;
}

Relevant Pages