Skip to content

PADL/pam_ccreds

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits

.cvsignore

.cvsignore

 
 

AUTHORS

AUTHORS

 
 

COPYING

COPYING

 
 

CVSVersionInfo.txt

CVSVersionInfo.txt

 
 

ChangeLog

ChangeLog

 
 

INSTALL

INSTALL

 
 

Makefile.am

Makefile.am

 
 

Makefile.in

Makefile.in

 
 

NEWS

NEWS

 
 

README

README

 
 

acconfig.h

acconfig.h

 
 

acinclude.m4

acinclude.m4

 
 

aclocal.m4

aclocal.m4

 
 

autogen.sh

autogen.sh

 
 

cc.h

cc.h

 
 

cc_db.c

cc_db.c

 
 

cc_dump.c

cc_dump.c

 
 

cc_lib.c

cc_lib.c

 
 

cc_pam.c

cc_pam.c

 
 

cc_private.h

cc_private.h

 
 

cc_test.c

cc_test.c

 
 

ccreds_chkpwd.c

ccreds_chkpwd.c

 
 

config.guess

config.guess

 
 

config.h.in

config.h.in

 
 

config.sub

config.sub

 
 

configure

configure

 
 

configure.in

configure.in

 
 

depcomp

depcomp

 
 

exports.hpux

exports.hpux

 
 

exports.linux

exports.linux

 
 

exports.solaris

exports.solaris

 
 

install-sh

install-sh

 
 

missing

missing

 
 

mkinstalldirs

mkinstalldirs

 
 

pam.conf

pam.conf

 
 

pam_ccreds.spec

pam_ccreds.spec

 
 

Repository files navigation

                         pam_ccreds
                         ==========

The pam_ccreds module provides a mechanism for caching
credentials when authenticating against a network
authentication service, so that authentication can still
proceed when the service is down. Note at present no
mechanism is provided for caching _authorization_ 
information, i.e. whether you are allowed to login once
authenticated. Doing this is more difficult than it
first sounds.

The present implementation requires Linux-PAM as it takes
advantage of the extended configuration syntax of pam.conf.
(See the example configuration file included with the 
software for an example of configuring it with pam_ldap.)
On platforms that do not use Linux-PAM you would need a
wrapper PAM module to choose an action based on the
previous module's return code.

When invoked via PAM, pam_ccreds performs one of three
actions:

	validate	validate PAM authentication token
			against cached credentials

	store		cache PAM authentication token for
			future validation

	update		if the PAM authentication token is
			cached, then remove it from the
			cache
			
These are configured by the "action=" module option. The
following module options are also recognized:

	use_first_pass	do not prompt for the password if
			the existing PAM authentication
			token does not validate

	try_first_pass	prompt for the password if the
			existing PAM authentication token
			does not validate

	service_specific only check cached credentials for
			 this specific service

	ccredsfile=	name of the cached credentials
			file; default is /var/cache/.security.db

	action=		action (see above)

The "cc_test" and "cc_dump" utilities are also provided;
cc_dump may be removed in a future version.

Things we need to do are:

	o more testing
	o verify it works with Berkeley DB 4.x
	o use transactions rather than flock() when
	  using versions of DB that support it

The pam_ccreds module is distributed under the GNU General
Public License.

About

The pam_ccreds module provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable.

www.padl.com/OSS/pam_ccreds.html

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

6 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages