PAM Cookbook
From radmind
This document describes how to configure and use pluggable authentication modules (PAM) for the Radmind server on Mac OS 10.2 and higher.
Contents |
[edit] Creating the Radmind PAM Configuration File
The configuration file defines how the Radmind server will use the PAM modules to perform authentication tasks. This allows the system administrator to have total control over the authentication policy the Radmind server will use.
- Download the example Radmind configuration file:
-
- [server] root# cd /etc/pam.d
- [server] root# curl http://rsug.itd.umich.edu/software/radmind/ \
- files/radmind.pam.conf > radmind
- The example configuration uses the security server PAM module to tie into the Apple security framework for authentication. This will allow any valid user on
-
the Radmind server to login.
[edit] Turn on User Authentication
- Modify the Radmind server startup item.
-
- [server] root# cd /Library/StartupItems/RadmindServer
- [server] root# vi RadmindServer
- Add –U as an option to the line starting with /usr/local/sbin/radmind.
-
- Reboot.
[edit] PAM & Radmind
With user authentication enabled, the Radmind server will only allow uploads after the user has logged in. Since passwords are sent in the clear, TLS is required to login.
To store a loadset on a server that has user authentication enabled, add –L as an option to lcreate. This will cause lcreate to login as the current user and ask for the password. To login as a different user, add the –U user option where user is the user name to login as.
[edit] Links
- pam man pages
- http://www.kernel.org/pub/linux/libs/pam/
