Re: dtlogin

From: Charles Clancy (
Date: 12/31/01

Date: Mon, 31 Dec 2001 16:33:55 -0600 (CST)
From: Charles Clancy <>
To: Kapetanakis Giannis <>

> To make it clear what i want to do:
> Allow normal+nis users login via ssh (telnet/ftp whatever)
> Disallow nis users on dtlogin (allow local users)

Attached is a simple PAM module (perhaps PA module would be less
redundant), to what you want. It only lets people in /etc/passwd log in.
Compile, install, and add the following to /etc/pam.conf:

        dtlogin auth required /usr/lib/security/

I'm sure people could suggest lots of improvements, but it works.

t. charles clancy <> <>

----- pam_local.c -----

/* ** pam_local <> only lets users from /etc/passwd log in ** author: t. charles clancy <> ** to compile: ** gcc -c pam_local.c -o pam_local.o ** ld -G pam_local.o -o -lpam ** to install: ** cp /lib/security/ ** to use, add the following to /etc/pam.conf: ** [service] auth required /usr/lib/security/ */

#define CONST const #define PAM_SM_AUTHENTICATE

#include <stdio.h> #include <string.h> #include <security/pam_appl.h> #include <security/pam_modules.h>

extern int pam_sm_authenticate(pam_handle_t *pamh, \ int flags, int argc, CONST char **argv) {

char *user, line[200]; FILE *h;

pam_get_user(pamh, &user, NULL); h=fopen("/etc/passwd","r+");

while (!feof(h)) { fgets(line,200,h); if (strncmp(user,line,strlen(user))==0) \ return PAM_SUCCESS; }


extern int pam_sm_setcred(pam_handle_t *pamh, \ int flags, int argc, CONST char **argv) { return PAM_SUCCESS; }

Relevant Pages