search

baiwyc119 / lxmppd

Automatically exported from code.google.com/p/lxmppd
0 stars 0 forks source link

PAM authentication #61

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Support for authentication via PAM

Original issue reported on code.google.com by MWild1 on 21 Jan 2009 at 9:25

GoogleCodeExporter commented 9 years ago 
Started this, but couldn't get a simple PAM test application to work. Someone 
with
more PAM experience (not necessarily from a coding point of view) please step 
up to
help me.

Original comment by MWild1 on 24 Feb 2009 at 3:26

GoogleCodeExporter commented 9 years ago 
Pushing back to 0.7. Again, someone who is familiar with PAM would be 
appreciated :)

Original comment by MWild1 on 1 Jul 2009 at 5:20

GoogleCodeExporter commented 9 years ago 
This can be closed by the new Cyrus SASL patch which is pending 
review/integration
and due for for 0.7.

Original comment by MWild1 on 28 Oct 2009 at 3:16

GoogleCodeExporter commented 9 years ago 
Native PAM is required, ticket stays open <smile>

Native support is important to stay independent of anything around. Many people 
would
like to have a specific structure which probably not involve a Cyrus SASL 
(beside
that I personally had only totally bad experiences with Cyrus SASL). Also it is
important for being simple.

Original comment by torsten....@googlemail.com on 7 Jan 2010 at 5:40

GoogleCodeExporter commented 9 years ago 
Removing the 0.7 milestone on this (0.7 is overdue), will be considered for 0.8.

Original comment by MWild1 on 10 Jan 2010 at 3:41

GoogleCodeExporter commented 9 years ago 
What about supporting jabberd2's pipe-auth [1], it's pretty basic, you spawn a 
subprocess on start, and send it username & base64 encoded password, and it 
returns OK 
or NO.  Shelling out to a subprocess also means only the subprocess that checks 
passwords has grp:shadow and not the entire daemon.

[1] http://www.cpan.org/authors/id/N/NJ/NJH/jabberd-authpipe-pam-0.1.pl

Original comment by norm...@gmail.com on 11 Feb 2010 at 11:47

GoogleCodeExporter commented 9 years ago 
forgot the very simple example flow (password encoding is base64): 
http://codex.xiaoka.com/svn/jabberd2/trunk/docs/dev/c2s-pipe-authenticator

Original comment by norm...@gmail.com on 11 Feb 2010 at 11:51

GoogleCodeExporter commented 9 years ago 
Doesn't seem to me like native PAM is important, I've been happily doing PAM 
auth via Cyrus for months now.  Maybe some documentation is in order?

Original comment by cold...@gmail.com on 20 Oct 2010 at 6:10

GoogleCodeExporter commented 9 years ago 
Unfortunately the complexity of Cyrus SASL is more than I would like to 
recommend to the vast number of people who already use PAM for other things. 
The documentation does mention that PAM is supported by Cyrus SASL, but if you 
see something specific that could be improved let me know.

In the meantime a native PAM backend is certainly on the todo list, but not 
high priority.

Original comment by MWild1 on 20 Oct 2010 at 6:14

GoogleCodeExporter commented 9 years ago 
I am using attached authentication module to handle PAM. It uses my lua-pam [1] 
Lua module.

[1] https://github.com/devurandom/lua-pam

Original comment by devuran...@gmx.net on 28 May 2014 at 6:28

Attachments:

GoogleCodeExporter commented 9 years ago 
I see you have been working on this. Any news regarding merging my new version 
in its entirety?

Original comment by devuran...@gmx.net on 10 Nov 2014 at 11:06