
List:       pam-list
Subject:    Need new authentication type
From:       Leon Vernikov <vernikov () cisco ! com>
Date:       2003-03-07 23:16:45

Dear PAM module developers,

There are four types of control flags defined by the PAM standard: 
required, requisite, sufficient, and optional.
I need one more type of control flag.
1. This type is similar to the requisite type if the network/AAA server is up
and an authentication module (either pam_ldap, pam_radius, or pam_tacacs)
returns Success or Failure.

2. This authentication type should be similar to the sufficient type if the
authentication module returns Failure due to the network condition or remote
server status (AAA server is down, daemon doesn't run to authenticate a
request from the client, network is down, etc.).
In this case control will be passed to the next authentication method.

I have enclosed a configuration file for a better understanding of the problem.
new_type is a new authentication type to meet the above-mentioned requirements.

debugshell#more /etc/pam.d/pam_config
#%PAM-1.0
auth      new_type   /lib/security/pam_tacplus.so server=172.19.226.182
auth      required     /lib/security/pam_unix.so
account new_type  /lib/security/pam_tacplus.so server=172.19.226.182
account required    /lib/security/pam_unix.so
session required    /lib/security/pam_unix.so

I appreciate any suggestions and advice before I start the new authentication
type implementation.

Thank you very much for your help,

Leon
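
The control-flag behaviour requested above, modelled as an added example (not part of the original message and not Linux-PAM code): a simplified stack evaluator run over the auth lines of the posted configuration. The return-code names, and the premise that the TACACS+ module reports an unreachable server with a distinct "unavailable" code, are assumptions; new_type is modelled exactly as points 1 and 2 state it.

```python
# Simplified model of PAM stack evaluation (illustrative; not Linux-PAM source).
# Return codes are assumed names; UNAVAIL stands for "server/network down".
SUCCESS, AUTH_ERR, UNAVAIL = "success", "auth_err", "authinfo_unavail"


def evaluate(stack, results):
    """stack: list of (control, module); results: module -> return code.
    Returns (overall_result, modules_called_in_order)."""
    failed = False      # a required module has failed
    succeeded = False   # at least one binding module has succeeded
    called = []
    for control, module in stack:
        rc = results[module]
        called.append(module)
        if control == "new_type":
            if rc == UNAVAIL:
                continue           # point 2: pass control to the next module
            control = "requisite"  # point 1: definite answer, act as requisite
        ok = rc == SUCCESS
        if control == "requisite":
            if not ok:
                return AUTH_ERR, called   # fail immediately, no fallback
            succeeded = True
        elif control == "required":
            failed = failed or not ok
            succeeded = succeeded or ok
        elif control == "sufficient":
            if ok and not failed:
                return SUCCESS, called
        # "optional": result ignored in this model
    return (SUCCESS if succeeded and not failed else AUTH_ERR), called


# The two auth lines from the posted /etc/pam.d/pam_config.
AUTH_STACK = [("new_type", "pam_tacplus.so"), ("required", "pam_unix.so")]


def outcome(tacplus_rc, unix_rc):
    """Evaluate the posted auth stack for one combination of module results."""
    results = {"pam_tacplus.so": tacplus_rc, "pam_unix.so": unix_rc}
    return evaluate(AUTH_STACK, results)


if __name__ == "__main__":
    # Constructed inputs: every combination of remote and local result.
    for t in (SUCCESS, AUTH_ERR, UNAVAIL):
        for u in (SUCCESS, AUTH_ERR):
            print(f"tacplus={t:17} unix={u:9} -> {outcome(t, u)}")
```

The case to check in any implementation is the second one: a definite rejection from the remote server must end the stack without consulting pam_unix, so that a wrong remote password never falls back to the local one.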