pam_admin

pam_admin is a PAM module that allows using login suffixes for users to become root with their own password.
Download

pam_admin Ranking & Summary

Advertisement

  • Rating:
  • License:
  • GPL
  • Price:
  • FREE
  • Publisher Name:
  • Gerald Macinenti
  • Publisher web site:
  • http://www.idealx.org/prj/pam-admin/

pam_admin Tags


pam_admin Description

pam_admin is a PAM module that allows using login suffixes for users to become root with their own password. pam_admin is a PAM module that allows using login suffixes for users to become root with their own password.In a first stage, checks the user name against being of form < user >+< suffix >, where < suffix > is supplied as an argument. In case the check succeeds, this +< suffix > part is stripped, and the control is passed to the following module. In this stage, the module acts similarily to the pam_realm module on which it is based (see http://only.mawhrin.net/~mss/thingies/pam-realm/).In a second stage (if required a second time in PAM stack), after "real" authentication has occured through a dedicated module (e.g: pam_unix), gives user root access if he used the configured suffix and is present in or is a member of a group listed in the file "/etc/security/pam_admin.conf".Note that this module only responds to PAM "auth" queries.Due to the fact that OpenSSH verifies the user identity on behalf of PAM, this module wont work with ssh connections (the user is simply not authorized).INSTALLATION:Uncompress the sources with: tar xvfz pam-admin-VERSION-tgz Place yourself in the source directory and type: makeThen as root: make installYou could uninstall the module as root with the command: make uninstallOPTIONS:debug -- print debugging information suffix= -- specify the to check againstallowbare -- also allows the user name to be of form just without any +, this parameter has no effect when "becomeroot" is usednostrip -- in certain cases, it may be of use to just check if the user name is of proper formbecomeroot -- if "suffix" was detected in a previous call to the module, let the user become root if he (or one of his groups) is listed in the /etc/security/pam_admin.conf fileNote: using a different suffix in the two module queries will result in the second stage to always fail when stage 1 succeeds using first suffix, in future versions, the second stage should use the suffix configured for the first stage.


pam_admin Related Software

About SoftwareSea