how to do ssh authentication using pam?

I need to execute a series of commands using ssh in c code like the
following, but I want to do authentication or input password only once in
the beginning. Will pam help in this case ? Please show some c code. Thank
you.

int main(int argc, char** argv)
{
  char* arg_list[] = {
    "ssh",
    "user <at> host",
    "ls",
    NULL
  };

  /* Now execute ssh */
  execvp("ssh", arg_list);

}

Hanzhou zhang

how to do ssh authentication using pam?

I need to execute a series of commands using ssh in c code like the
following, but I want to do authentication or input password only once in
the beginning. Will pam help in this case ? Please show some c code. Thank
you.

int main(int argc, char** argv)
{
  char* arg_list[] = {
    "ssh",
    "user <at> host",
    "ls",
    NULL
  };

  /* Now execute ssh */
  execvp("ssh", arg_list);

}

Re: Pam-list digest, Vol 1 #680 - 2 msgs

pam-list-request <at> redhat.com wrote:
> Send Pam-list mailing list submissions to
> 	pam-list <at> redhat.com
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://listman.redhat.com/mailman/listinfo/pam-list
> or, via email, send a message with subject or body 'help' to
> 	pam-list-request <at> redhat.com
> 
> You can reach the person managing the list at
> 	pam-list-admin <at> redhat.com
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pam-list digest..."
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Today's Topics:
> 
>    1. how to do ssh authentication using pam? (zhang <at> csee.wvu.edu)
>    2. how to do ssh authentication using pam? (zhang <at> csee.wvu.edu)
> 
> 
> ------------------------------------------------------------------------
> 
> Subject:
> how to do ssh authentication using pam?
> From:

RE: how to do ssh authentication using pam?

Using PAM and MSSQL

Hi all. I've never written a module to authenticate users with PAM. Now
I have to do it using MSSQL server and allow the user if he has the
right permission set on a table, like this :

username password hasEmailAccount hasWebAccount hasXXXAcount
leandro  leandro     true            false        false

So, for example, if want to check my emails on a popd, I will, but I
can't use the web through squid or XXX.

Is it possible to write a module to do this without changing the client
application ? ( using the conversation mechanism ).

I'm planning to use the freetds lib to implement the communication
channel with MSSQL.

If you have any experience on this pleased drop me a line.

thanx !

--

-- 
Leandro Rodrigo Saad Cruz
IT - Inter Business Tecnologia e Servicos (IB)
http://www.ibnetwork.com.br
http://jakarta.apache.org/ojb

Re: Using PAM and MSSQL

On Wed, Jan 08, 2003 at 04:16:02PM -0200, Leandro Rodrigo Saad Cruz wrote:
> Hi all. I've never written a module to authenticate users with PAM. Now
> I have to do it using MSSQL server and allow the user if he has the
> right permission set on a table, like this :

> username password hasEmailAccount hasWebAccount hasXXXAcount
> leandro  leandro     true            false        false

> So, for example, if want to check my emails on a popd, I will, but I
> can't use the web through squid or XXX.

> Is it possible to write a module to do this without changing the client
> application ? ( using the conversation mechanism ).

I know of modules that do the same thing for mysql and pgsql, so it is
possible.  The 'hasXXXAccount' could be handled within the module by
mapping service names to database fields.

From a security standpoint, it is not recommended to use a networked,
plaintext protocol SQL database for your PAM backend.

--

-- 
Steve Langasek
postmodern programmer

Re: Using PAM and MSSQL

On Wed, 2003-01-08 at 16:52, Steve Langasek wrote:
> On Wed, Jan 08, 2003 at 04:16:02PM -0200, Leandro Rodrigo Saad Cruz wrote:
> > Hi all. I've never written a module to authenticate users with PAM. Now
> > I have to do it using MSSQL server and allow the user if he has the
> > right permission set on a table, like this :
> 
> > username password hasEmailAccount hasWebAccount hasXXXAcount
> > leandro  leandro     true            false        false
> 
> > So, for example, if want to check my emails on a popd, I will, but I
> > can't use the web through squid or XXX.
> 
> > Is it possible to write a module to do this without changing the client
> > application ? ( using the conversation mechanism ).
> 
> I know of modules that do the same thing for mysql and pgsql, so it is
> possible.  The 'hasXXXAccount' could be handled within the module by
> mapping service names to database fields.

Can you point me any of these modules ?

> 
> >From a security standpoint, it is not recommended to use a networked,
> plaintext protocol SQL database for your PAM backend.

you are right, we are using it in a very restricted portion of our
network.

> 
> -- 
> Steve Langasek
> postmodern programmer
--

-- 
Leandro Rodrigo Saad Cruz
IT - Inter Business Tecnologia e Servicos (IB)
http://www.ibnetwork.com.br
http://jakarta.apache.org/ojb

Re: Using PAM and MSSQL

On Wed, Jan 08, 2003 at 05:17:17PM -0200, Leandro Rodrigo Saad Cruz wrote:

> > I know of modules that do the same thing for mysql and pgsql, so it is
> > possible.  The 'hasXXXAccount' could be handled within the module by
> > mapping service names to database fields.

> Can you point me any of these modules ?

From google:

http://rpmfind.net/linux/RPM/contrib/libc6/i386/pam_mysql-0.4.7-1.i386.html

--

-- 
Steve Langasek
postmodern programmer

java+jni+PAM

Hi,

has anybody successfully used Linux-PAM (or Solaris-PAM) with JNI?
My problem is, that I have not managed to generate a shared library for 
JNI where all symbols can be resolved during loading.
Either the PAM modules fail with one or the other missing symbol from 
the pam library, which results in a "unknown module" message, or they 
produce a segmentation fault.
Loading the same library from a C-program works.

There was a response by Andrew Morgan to a similar question last January 
(2002), which was only related to the shared library aspect. I tried
his workaround, but it also failed in the case of java.

I am using j2sdk1.4, gcc-3.2.1 (I have tried gcc-2.95.3 with the same 
results), pam-0.75, gnu ld-2.11 on Linux,
j2sdk1.4, Sun WorkShop 6, ... on Solaris 8.

Thanks,
Thomas

Problems with open ldap and pam on RHL 8.0

Hello, 

I am trying to setup an ldap + samba auth system in a Linux Box with RedHat 
8.0. To do this I am carefully following a pair of guides, one from idealx 
(samba-ldap-tools people) and another very similar from ibm developer center; 
both guides say that are tested with RedHat 7.2. At the moment I have been 
able to make the ldap server running and able to add users to this ldap 
server; even though I am stock since I cannot make the system see the users I 
create with the smbldap-useradd.pl script. 
	I have enabled ldap auth with authconfig. 
	I have found that users are always created with the same uid. 
	I have debugged smbldap-useradd.pl and it seems that it cannot get the 
last ldap uid in the system (getpwuid call). 
	What is going on? 
	What am I doing wrong? 

Thanks in advance for your help. 

Luis