PAM_NUFW Documentation
======================

Events
======

pam_nufw is a library to authenticate an user on nuauth when he uses PAM
(examples: connect with ssh, authenticate using gdm, su, etc.). pam_nufw
use two PAM events:

 * authentication: line like "auth optional ..." in configuration file ;
 * session end: line like "session optional ..." in configuration file.

First event does connect to nuauth (open a session), and the second does
disconnect (close the session).

Options
=======

pam_nufw accepts following options on the command line:
 * server=nuauth_ip: Nuauth server IP/hostname
 * port=nuauth_port: Nuauth port/service name
 * lock=.pam_nufw: Lock filename
 * noauth=user1,user2,(...): Don't authenticate these users

Default values:
 * port is 4129
 * lockfile is .pam_nufw, located in $HOME/.nufw/

Configuration file example
==========================

PAM configuration files are located in /etc/pam.d/. Each program which use PAM
may have its own file (eg. /etc/pam.d/ssh and /etc/pam.d/kdm)::

 #%PAM-1.0
 auth    requisite       pam_nologin.so
 auth    required        pam_env.so
 @include common-auth
 auth optional pam_nufw.so server=192.168.1.2 port=4129
 @include common-account
 session required        pam_limits.so
 @include common-session
 session optional pam_nufw.so server=192.168.1.2 port=4129
 @include common-password

We use auth because we have to know user's password in order to authenticate
on nuauth. The pam module closes the connection to nuauth when the application
closes the pam session. Comment the session line to suppress disconnection at
logout.