PAM_NUFW Documentation ====================== Events ====== pam_nufw is a library to authenticate an user on nuauth when he uses PAM (examples: connect with ssh, authenticate using gdm, su, etc.). pam_nufw use two PAM events: * authentication: line like "auth optional ..." in configuration file ; * session end: line like "session optional ..." in configuration file. First event does connect to nuauth (open a session), and the second does disconnect (close the session). Options ======= pam_nufw accepts following options on the command line: * server=nuauth_ip: Nuauth server IP/hostname * port=nuauth_port: Nuauth port/service name * lock=.pam_nufw: Lock filename * noauth=user1,user2,(...): Don't authenticate these users Default values: * port is 4129 * lockfile is .pam_nufw, located in $HOME/.nufw/ Configuration file example ========================== PAM configuration files are located in /etc/pam.d/. Each program which use PAM may have its own file (eg. /etc/pam.d/ssh and /etc/pam.d/kdm):: #%PAM-1.0 auth requisite pam_nologin.so auth required pam_env.so @include common-auth auth optional pam_nufw.so server=192.168.1.2 port=4129 @include common-account session required pam_limits.so @include common-session session optional pam_nufw.so server=192.168.1.2 port=4129 @include common-password We use auth because we have to know user's password in order to authenticate on nuauth. The pam module closes the connection to nuauth when the application closes the pam session. Comment the session line to suppress disconnection at logout.