webadmin-devel

PAM Authentication for webmin users

[Scott M. <sco...@ya...>]

Hiyas,
    Is there an easy way to implement a SecurID login
check for webmin users?


-Scott

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: PAM Authentication for webmin users

[Jamie C. <jca...@we...>]

Scott MacKay wrote:

>Hiyas,
>    Is there an easy way to implement a SecurID login
>check for webmin users?
>
Maybe - how does it work if you using PAM and secureID when
logging in via telnet or at the console? Currently webmin's PAM
authentication mode only supports simple username/password
interaction.

 - Jamie

Re: PAM Authentication for webmin users

[Scott M. <sco...@ya...>]

Not how I use it.  I use a special shell 'sdshell'
which actually does the challenge (so the user needs a
login, regular password, then securid challenge), but
I do know the PAM module exists.
I was thinking it would be cool if there was a
'foreign authentication' option allowed, as I can
easily write a C app which takes in a username and
PIN+ID to validate the user.  If that was suppoerted,
I don't think I would need actual UNIX accounts...

-Scott


--- Jamie Cameron <jca...@we...> wrote:
> Scott MacKay wrote:
> 
> >Hiyas,
> >    Is there an easy way to implement a SecurID
> login
> >check for webmin users?
> >
> Maybe - how does it work if you using PAM and
> secureID when
> logging in via telnet or at the console? Currently
> webmin's PAM
> authentication mode only supports simple
> username/password
> interaction.
> 
>  - Jamie
> 
> 
> 
>
_______________________________________________________________
> 
> Don't miss the 2002 Sprint PCS Application
> Developer's Conference
> August 25-28 in Las Vegas --
> http://devcon.sprintpcs.com/adp/index.cfm
> 
> -
> Forwarded by the Webmin development list at
> web...@we...
> To remove yourself from this list, go to
>
http://lists.sourceforge.net/lists/listinfo/webadmin-devel


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: PAM Authentication for webmin users

[Daniel W. <dan...@st...>]

I've been doing a bunch of work with PAM lately and curious why you
wouldn't just use the PAM module?  I know people tend to like using
their own stuff better, but it would simpify integration?

Dan

On Fri, 2002-06-07 at 12:03, Scott MacKay wrote:
> Not how I use it.  I use a special shell 'sdshell'
> which actually does the challenge (so the user needs a
> login, regular password, then securid challenge), but
> I do know the PAM module exists.
> I was thinking it would be cool if there was a
> 'foreign authentication' option allowed, as I can
> easily write a C app which takes in a username and
> PIN+ID to validate the user.  If that was suppoerted,
> I don't think I would need actual UNIX accounts...
> 
> -Scott
> 
> 
> --- Jamie Cameron <jca...@we...> wrote:
> > Scott MacKay wrote:
> > 
> > >Hiyas,
> > >    Is there an easy way to implement a SecurID
> > login
> > >check for webmin users?
> > >
> > Maybe - how does it work if you using PAM and
> > secureID when
> > logging in via telnet or at the console? Currently
> > webmin's PAM
> > authentication mode only supports simple
> > username/password
> > interaction.
> > 
> >  - Jamie
> >

Re: PAM Authentication for webmin users

[Scott M. <sco...@ya...>]

Mainly because I do not think you need a webmin user
to be a real user (case in point, the initial admin of
webmin).  Since I would be mainly using it to provide
some capability to helpdesk people, I would rather not
be creating & deleting accounts for helpdesk.  Also, I
do not want these webmin people actual telnet/ftp/etc
access into the server so *really* do not want them in
(reset user password via a web interface, ya I can
trust their skill to do that :)
Given some password expiration rules where I work, the
most beneficial capability would be to have the use
SecurID to log in.

-Scott


--- Daniel Wittenberg <dan...@st...>
wrote:
> I've been doing a bunch of work with PAM lately and
> curious why you
> wouldn't just use the PAM module?  I know people
> tend to like using
> their own stuff better, but it would simpify
> integration?
> 
> Dan
> 
> On Fri, 2002-06-07 at 12:03, Scott MacKay wrote:
> > Not how I use it.  I use a special shell 'sdshell'
> > which actually does the challenge (so the user
> needs a
> > login, regular password, then securid challenge),
> but
> > I do know the PAM module exists.
> > I was thinking it would be cool if there was a
> > 'foreign authentication' option allowed, as I can
> > easily write a C app which takes in a username and
> > PIN+ID to validate the user.  If that was
> suppoerted,
> > I don't think I would need actual UNIX accounts...
> > 
> > -Scott
> > 
> > 
> > --- Jamie Cameron <jca...@we...> wrote:
> > > Scott MacKay wrote:
> > > 
> > > >Hiyas,
> > > >    Is there an easy way to implement a SecurID
> > > login
> > > >check for webmin users?
> > > >
> > > Maybe - how does it work if you using PAM and
> > > secureID when
> > > logging in via telnet or at the console?
> Currently
> > > webmin's PAM
> > > authentication mode only supports simple
> > > username/password
> > > interaction.
> > > 
> > >  - Jamie
> > >
> 
> 
>
_______________________________________________________________
> 
> Don't miss the 2002 Sprint PCS Application
> Developer's Conference
> August 25-28 in Las Vegas --
> http://devcon.sprintpcs.com/adp/index.cfm
> 
> -
> Forwarded by the Webmin development list at
> web...@we...
> To remove yourself from this list, go to
>
http://lists.sourceforge.net/lists/listinfo/webadmin-devel


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com