How to configure PAM to authenticate against NIS

Asked by Hiteshbhai on 2012-11-13

How can I use the PAM plugin to authenticate against a NIS server?

Question information

English
PHPDevShell
No assignee

Greg (gregfr) said : #1


As far as I know, there's no PAM plugin. Is your question related to PHPDevShell?


Hiteshbhai (hiteshbhai-patel) said : #2

Hi Greg,
  We are using the PluggableAuth module, which has an AUTH_ldap class to go against LDAP, but I couldn't find anything for NIS.

Hiteshbhai (hiteshbhai-patel) said : #3

We got it working using Pluggable Authentication Module (PAM).

Greg (gregfr) said : #4

That's great! How did you do it? Would you consider contributing your code to the project?

Hiteshbhai (hiteshbhai-patel) said : #5

Here is a brief description of the entire setup.

Step 1: Install and configure the Linux-PAM module.

    Underneath, we used the Linux-PAM module. In short, PAM provides an abstraction over the authentication mechanism.

    Here is how to install and configure PAM...

    You can configure it to use local, NIS or LDAP to authenticate.

Step 2: Install and configure the php-pam module to integrate with Linux-PAM.

    Add the below php.ini config entries:

        extension=/usr/lib64/php/modules/ (Basically, path to your installed lib)

    Create the /etc/pam.d/php file and add the below entries:

        auth required

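Step 3: From PHP you can use the below method to authenticate.

        // Receives the PAM error message when authentication fails
        $error = "";
        // false: skip the PAM account management check
        $checkacctmgmt = false;

        // $username and $password hold the credentials submitted by the user
        $result = pam_auth($username, $password, $error, $checkacctmgmt);

    With respect to phpdevshell/PluggableAuth, it's very similar to AUTH_ldap.class.php; just use the above method to authenticate.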

    Although the above method works, there are some issues with it. In some Linux versions, with respect to NIS, the request should go to the NIS server as the root user.
    With the Apache HTTP server the problem is that you cannot run Apache as root; it runs as apache, which requires some kind of modification at the NIS server. Or the machine running Apache should be configured as a NIS slave server, and Apache should send requests to the local NIS slave server.

    Also, in order to authenticate against the local /etc/passwd, 'apache' should be added to the /etc/shadow 'shadow' group.
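
An added example, not part of the original posts and not PHPDevShell code: a wrapper around the pam_auth() call from Step 3 that fails closed when the php-pam extension is not loaded, restricts the username format before it reaches PAM or the log, and records the PAM error without the password. The function name pam_check_login, the username pattern and the form field names are assumptions made for the example.

```php
<?php
// Added example, not PHPDevShell code. pam_auth() comes from the php-pam
// extension installed in Step 2; every other name here is hypothetical.

/**
 * Check one username/password pair through PAM.
 * Returns true only when PAM accepts the credentials.
 */
function pam_check_login(string $username, string $password, bool $checkAcctMgmt = false): bool
{
    // Fail closed if the extension from Step 2 is not loaded.
    if (!function_exists('pam_auth')) {
        error_log('pam login: php-pam extension is not loaded');
        return false;
    }

    // Assumed local policy: accept only conventional Unix login names.
    // This also keeps control characters out of the log line below.
    if (!preg_match('/^[a-z_][a-z0-9_.-]{0,31}$/', $username)) {
        return false;
    }

    // Never hand an empty password to the PAM stack.
    if ($password === '') {
        return false;
    }

    $error = '';
    $ok = pam_auth($username, $password, $error, $checkAcctMgmt);

    if ($ok !== true) {
        // Log the PAM message and the user name, never the password.
        error_log(sprintf('pam login failed for %s: %s', $username, $error));
        return false;
    }

    return true;
}

// Constructed usage: credentials as they might arrive from a login form.
$user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
$authenticated = pam_check_login($user, $pass);
```

Passing true as the third argument makes php-pam also run the PAM account management step (for example expired or locked accounts), which needs an account line in /etc/pam.d/php next to the auth line.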

Greg (gregfr) said : #6