PAM modules
Dag-Erling Smørgrav
des at des.no
Sat Sep 17 15:33:07 UTC 2011
Jason Hellenthal <jhell at DataIX.net> writes:
> security/pam_jail A PAM module dropping users in jails after login
> security/pam_krb5 A Pluggable Authentication Module for Kerberos5
We already have that.
> security/pam_ldap A pam module for authenticating with LDAP
Not going to happen, since we don't have LDAP in base.
> security/pam_mkhomedir Create HOME with a PAM module on demand
> security/pam_p11 A PAM module using crypto tokens for auth authenticate against Unix PAM
Requires a PKCS11 implementation in base. I never finished the one I
started on...
> security/pam_pwdfile A pam module for authenticating with flat passwd files
> security/pam_require A PAM module for restricting access based on unix group or username
What does this do that pam_group doesn't?
> security/pam_smb NetBIOS domain logon PAM module
Apparently requires Perl to run, although this may be a bug in the port
> security/pam_ssh_agent_auth PAM module which permits authentication via ssh-agent
> sysutils/pam_mount A PAM that can mount volumes for a user session
That leaves us with the following candidates:
- pam_jail
- pam_mkhomedir
- pam_mount
- pam_pwdfile
- pam_ssh_agent_auth
and possibly also
- pam_require
- pam_smb
Note that pam_mkhomedir and pam_mount can be implemented using pam_exec
(possibly with some improvements) and scripts.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list