How to configure PAM to authenticate against NIS
How can I use PAM plugin to authenticate against NIS server?
Question information
- Language: English
- Status: Solved
- For: PHPDevShell
- Assignee: No assignee
- Solved by: Hiteshbhai
- Solved: 2012-11-20
- Last query: 2012-11-20
- Last reply: 2012-11-14
Greg (gregfr) said : | #1 |
Hello
As far as I know, there's no PAM plugin. Is your question related to PHPDevShell?
greg
Hiteshbhai (hiteshbhai-patel) said : | #2 |
Hi Greg,
We are using PluggableAuth module, that has AUTH_ldap class to go against LDAP but I couldn't find anything for NIS.
Hiteshbhai (hiteshbhai-patel) said : | #3 |
thanks,
we got it working using Pluggable authentication module (PAM).
Greg (gregfr) said : | #4 |
That's great! How did you do it? Would you consider contributing your code to the project?
Hiteshbhai (hiteshbhai-patel) said : | #5 |
Greg,
Here is a brief description of the entire setup.
Step 1: Install and configure the Linux-PAM module.
Underneath we used the Linux-PAM module. In short, PAM provides an abstraction of the authentication mechanism.
Here is how to install and configure PAM:
http://
You can configure it to use local, NIS or LDAP to authenticate.
Step 2: Install and configure the php-pam module to integrate with Linux-PAM.
http://
Add the below php.ini config entries.
Create the /etc/pam.d/php file and add the entries below:
auth required pam_unix.so
Step 3: From PHP you can use the method below to authenticate:
$error = "";
$result = pam_auth($username, $password, $error, $checkacctmgmt);
with respect to phpdevshell/
Issues:
Although the above method works, there are some issues with it. In some Linux versions, with respect to NIS, the request should go to the NIS server as the root user.
With the Apache HTTP server the problem is that you cannot run Apache as root; it runs as apache, which requires some kind of modification at the NIS server. Or the machine running Apache should be configured as a NIS slave server and Apache should send requests to the local NIS slave server.
Also, in order to authenticate against the local /etc/passwd, 'apache' should be added to the /etc/shadow 'shadow' group.
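A wrapper around the pam_auth() call from Step 3, as an added example that is not part of the original post or of PHPDevShell: it screens the input, calls PAM, and keeps the PAM error text in the server log instead of the response. The function name pam_login, the username pattern and the form field names user and pass are assumptions.

```php
<?php
// Added example, not PHPDevShell code. Assumes the php-pam extension is
// loaded and /etc/pam.d/php exists as described in the post above.

/**
 * Check a username/password pair through PAM.
 * Returns true only when PAM accepts the credentials. The PAM error text
 * is written to the server log and never returned to the client.
 */
function pam_login(string $username, string $password, bool $checkAcctMgmt = true): bool
{
    if (!function_exists('pam_auth')) {
        throw new RuntimeException('php-pam extension is not loaded');
    }

    // Assumed policy: accept only conventional account names and reject
    // everything else before it reaches the PAM stack.
    if (!preg_match('/^[a-z_][a-z0-9_.-]{0,31}$/i', $username)) {
        return false;
    }
    // Refuse empty passwords and embedded NUL bytes, which would truncate
    // the string once it is handed to the C library.
    if ($password === '' || strpos($password, "\0") !== false) {
        return false;
    }

    // With $checkAcctMgmt true, PAM account checks run as well. Those need
    // an "account" line in the service file; the post shows only "auth".
    $error = '';
    $ok = pam_auth($username, $password, $error, $checkAcctMgmt);

    if ($ok !== true) {
        error_log(sprintf('PAM login failed for "%s": %s', $username, $error));
    }
    return $ok === true;
}

// Constructed usage: the form field names "user" and "pass" are hypothetical.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = $_POST['user'] ?? '';
    $pass = $_POST['pass'] ?? '';
    $ok = is_string($user) && is_string($pass) && pam_login($user, $pass);
    http_response_code($ok ? 200 : 401);
    echo $ok ? 'Login OK' : 'Login failed'; // same message for every failure cause
}
```

Adding 'apache' to the 'shadow' group, as the post describes for local accounts, lets every script run by the web server read the password hashes in /etc/shadow, so that host's PHP code should be treated as part of the authentication boundary.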
Greg (gregfr) said : | #6 |
Thanks!