PAM Cookbook

From radmind

Jump to: navigation, search

This document describes how to configure and use pluggable authentication modules (PAM) for the Radmind server on Mac OS 10.2 and higher.

Contents

[edit] Creating the Radmind PAM Configuration File

The configuration file defines how the Radmind server will use the PAM modules to perform authentication tasks. This allows the system administrator to have total control over the authentication policy the Radmind server will use.

  1. Download the example Radmind configuration file:
    [server] root# cd /etc/pam.d
    [server] root# curl http://rsug.itd.umich.edu/software/radmind/ \
    files/radmind.pam.conf > radmind
    The example configuration uses the security server PAM module to tie into the Apple security framework for authentication. This will allow any valid user on

the Radmind server to login.

[edit] Turn on User Authentication

  1. Modify the Radmind server startup item.
    [server] root# cd /Library/StartupItems/RadmindServer
    [server] root# vi RadmindServer
    Add –U as an option to the line starting with /usr/local/sbin/radmind.
  2. Reboot.

[edit] PAM & Radmind

With user authentication enabled, the Radmind server will only allow uploads after the user has logged in. Since passwords are sent in the clear, TLS is required to login.

To store a loadset on a server that has user authentication enabled, add –L as an option to lcreate. This will cause lcreate to login as the current user and ask for the password. To login as a different user, add the –U user option where user is the user name to login as.

[edit] Links

Personal tools