Date:      Sat, 17 Sep 2011 17:33:05 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        Jason Hellenthal <jhell@DataIX.net>
Cc:        Brandon Gooch <jamesbrandongooch@gmail.com>, freebsd-security@freebsd.org
Subject:   Re: PAM modules
Message-ID:  <864o0bb2vi.fsf@ds4.des.no>
In-Reply-To: <20110917052434.GA32989@DataIX.net> (Jason Hellenthal's message of "Sat, 17 Sep 2011 01:24:34 -0400")
References:  <86boukbk8s.fsf@ds4.des.no> <CALBk6y%2BbQOrfL01i7j5eAb-OmFA=4pxh6ni-5LULqXuFrjDFhA@mail.gmail.com> <20110917051827.GA27245@DataIX.net> <20110917052434.GA32989@DataIX.net>

Jason Hellenthal <jhell@DataIX.net> writes:
> security/pam_jail         A PAM module dropping users in jails after login
> security/pam_krb5         A Pluggable Authentication Module for Kerberos5

We already have that.

> security/pam_ldap         A pam module for authenticating with LDAP

Not going to happen, since we don't have LDAP in base.

> security/pam_mkhomedir    Create HOME with a PAM module on demand
> security/pam_p11          A PAM module using crypto tokens for auth authenticate against Unix PAM

Requires a PKCS11 implementation in base.  I never finished the one I
started on...

> security/pam_pwdfile      A pam module for authenticating with flat passwd files
> security/pam_require      A PAM module for restricting access based on unix group or username

What does this do that pam_group doesn't?

> security/pam_smb          NetBIOS domain logon PAM module

Apparently requires Perl to run, although this may be a bug in the port.

> security/pam_ssh_agent_auth PAM module which permits authentication via ssh-agent
> sysutils/pam_mount        A PAM that can mount volumes for a user session

That leaves us with the following candidates:

 - pam_jail
 - pam_mkhomedir
 - pam_mount
 - pam_pwdfile
 - pam_ssh_agent_auth

and possibly also

 - pam_require
 - pam_smb

Note that pam_mkhomedir and pam_mount can be implemented using pam_exec
(possibly with some improvements) and scripts.

DES
-- 
Dag-Erling Smørgrav - des@des.no
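
The pam_exec route mentioned at the end of the message, sketched for the pam_mkhomedir case. This is an added example, not part of the original e-mail or of FreeBSD; the script path, the HOME_BASE and SKEL_DIR variables and the function names are assumptions. It relies on current FreeBSD pam_exec(8) exporting PAM_USER and PAM_SM_FUNC to the child.

```sh
#!/bin/sh
# Added example, not from the original message. Assumed PAM line (hypothetical path):
#   session  optional  pam_exec.so  /usr/local/libexec/pam_mkhome.sh
# pam_exec(8) exports PAM_USER and PAM_SM_FUNC into the script's environment.

HOME_BASE="${HOME_BASE:-/home}"          # assumption: homes are HOME_BASE/<user>
SKEL_DIR="${SKEL_DIR:-/usr/share/skel}"  # FreeBSD skeleton files are named dot.NAME

# PAM_USER is whatever the client supplied; allow only plain account names so
# the value can never climb out of HOME_BASE or be parsed as an option.
valid_user() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

make_home() {
    user="$1"
    valid_user "$user" || return 2
    home="$HOME_BASE/$user"
    if [ -L "$home" ]; then return 3; fi      # planted symlink: refuse
    if [ -d "$home" ]; then return 0; fi      # already there: nothing to do
    if [ -e "$home" ]; then return 3; fi      # some other file type: refuse
    (
        umask 077
        mkdir "$home" || exit 1               # no -p: fails if the path appeared meanwhile
        for f in "$SKEL_DIR"/dot.*; do
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            name="${f##*/}"
            cp "$f" "$home/.${name#dot.}" || exit 1
        done
    ) || return 4
    # Under login or sshd the script normally runs as root; only then can it
    # hand the new tree over to the user.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$user" "$home" || return 5
    fi
    return 0
}

# A session line calls the script for both open and close; act only on open.
if [ "${PAM_SM_FUNC:-}" = "pam_sm_open_session" ] && [ -n "${PAM_USER:-}" ]; then
    make_home "$PAM_USER"
    exit $?
fi
```
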



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?864o0bb2vi.fsf>