webadmin-devel

[webmin-devel] Webmin PAM Authentication

[<cle...@gm...>]

Hi everyone, I'm back :).

Just a little suggestion for the redhat-compliant systems. In the
/etc/pam.d/webmin, replace the classic :
auth     required    pam_unix.so etc....

By the more conventionnal :
auth include system-auth

This allows Webmin on redhat-compliant system to authenticate users
upon the Directory chosen by the administrator (so local, LDAP, NIS,
etc...) instead of systematically authenticate upon local /etc/passwd
base.

See the joined patch.

I'm conscious that authentication is a sensible part of the system so
I can imagine it will be hard to include to Webmin. But maybe it can
help ;).
--=20
Cl=E9ment V=E9ret

Re: [webmin-devel] Webmin PAM Authentication

[Jamie C. <jca...@we...>]

Hi Cl=E9ment,

That is a good patch .. but I'm worried about how it will perform
on non-Redhat RPM-based systems like SuSE and Mandrake, and even old
Redhat systems before they started using system-auth . Is it possible
to have a pam.d/webmin file that somehow falls back to the old behavior
in cases like these?

 - Jamie

On 9/Nov/2007 03:09 Cl=E9ment VERET wrote ..
> Hi everyone, I'm back :).
> 
> Just a little suggestion for the redhat-compliant systems. In the
> /etc/pam.d/webmin, replace the classic :
> auth     required    pam_unix.so etc....
> 
> By the more conventionnal :
> auth include system-auth
> 
> This allows Webmin on redhat-compliant system to authenticate users
> upon the Directory chosen by the administrator (so local, LDAP, NIS,
> etc...) instead of systematically authenticate upon local /etc/passwd
> base.
> 
> See the joined patch.
> 
> I'm conscious that authentication is a sensible part of the system so
> I can imagine it will be hard to include to Webmin. But maybe it can
> help ;).
> -- 
> Cl=E9ment V=E9ret

Re: [webmin-devel] Webmin PAM Authentication

[<cle...@gm...>]

2007/11/9, Jamie Cameron <jca...@we...>:
> Hi Cl=E9ment,
>
> That is a good patch .. but I'm worried about how it will perform
> on non-Redhat RPM-based systems like SuSE and Mandrake, and even old
> Redhat systems before they started using system-auth .

On _every_ redhat compliant system this patch will work. I tested it
at work where we have a patchwork of redhat distributions (from Fedora
Core 3 to RHEL 5, through Red Hat 7.2 and CentOS 3/4/5).

I cannot be affirmative concerning Mandrake and SuSE... I don't really
know how this distributions work about their authentication.

Is there somebody who has the ability to test it ?

> Is it possible
> to have a pam.d/webmin file that somehow falls back to the old behavior
> in cases like these?

I know PAM very well and I'm not sure this is possible... But I'm
gonna have a try...
--=20
Cl=E9ment V=E9ret

Re: [webmin-devel] Webmin PAM Authentication

[Jamie C. <jca...@we...>]

On 11/Nov/2007 23:27 Cl=E9ment VERET wrote ..
> 2007/11/9, Jamie Cameron <jca...@we...>:
> > Hi Cl=E9ment,
> >
> > That is a good patch .. but I'm worried about how it will perform
> > on non-Redhat RPM-based systems like SuSE and Mandrake, and even old
> > Redhat systems before they started using system-auth .
> 
> On _every_ redhat compliant system this patch will work. I tested it
> at work where we have a patchwork of redhat distributions (from Fedora
> Core 3 to RHEL 5, through Red Hat 7.2 and CentOS 3/4/5).
> 
> I cannot be affirmative concerning Mandrake and SuSE... I don't really
> know how this distributions work about their authentication.
> 
> Is there somebody who has the ability to test it ?
> 
> > Is it possible
> > to have a pam.d/webmin file that somehow falls back to the old behavior
> > in cases like these?
> 
> I know PAM very well and I'm not sure this is possible... But I'm
> gonna have a try...

Let me know if you get anywhere with this. If not, a fallback would be to
use this PAM config only on Redhat-based systems, determined at the time
Webmin is installed in the RPM %post script.

 - Jamie