The pam_ccreds module provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable.
License
PADL/pam_ccreds
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
pam_ccreds ========== The pam_ccreds module provides a mechanism for caching credentials when authenticating against a network authentication service, so that authentication can still proceed when the service is down. Note at present no mechanism is provided for caching _authorization_ information, i.e. whether you are allowed to login once authenticated. Doing this is more difficult than it first sounds. The present implementation requires Linux-PAM as it takes advantage of the extended configuration syntax of pam.conf. (See the example configuration file included with the software for an example of configuring it with pam_ldap.) On platforms that do not use Linux-PAM you would need a wrapper PAM module to choose an action based on the previous module's return code. When invoked via PAM, pam_ccreds performs one of three actions: validate validate PAM authentication token against cached credentials store cache PAM authentication token for future validation update if the PAM authentication token is cached, then remove it from the cache These are configured by the "action=" module option. The following module options are also recognized: use_first_pass do not prompt for the password if the existing PAM authentication token does not validate try_first_pass prompt for the password if the existing PAM authentication token does not validate service_specific only check cached credentials for this specific service ccredsfile= name of the cached credentials file; default is /var/cache/.security.db action= action (see above) The "cc_test" and "cc_dump" utilities are also provided; cc_dump may be removed in a future version. Things we need to do are: o more testing o verify it works with Berkeley DB 4.x o use transactions rather than flock() when using versions of DB that support it The pam_ccreds module is distributed under the GNU General Public License.
About
The pam_ccreds module provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable.
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published