[OpenAFS] mod_auth_pam: Patch for session and credential support
Berthold Cogel
cogel@rrz.uni-koeln.de
Thu, 07 Jul 2005 15:47:19 +0200
Hello!
I just submitted a patch for mod_auth_pam.
(http://sourceforge.net/tracker/index.php?func=detail&aid=1234157&group_id=6663&atid=306663)
This patch enables mod_auth_pam to create a PAM session and to use PAM
credentials for a request. The behavior can be configured per directory
with the directive AuthPAM_SetCred (on|off, default is off). If on,
pam_open_session and pam_setcred will be called. This is useful on AFS
if you need the AFS-Token during the request. In this case the logger
function is used to destroy the token.
The PAM handle is stored for each request in a memory pool that is
allocated for this request and automatically removed after the request
is done and the session has been closed.
The original patch was written for mod_auth-Pam for Apache 1.3 at the TU
Chemnitz. We modified it for mod_auth_pam for Apache 2.
The patch can be used for the original mod_auth_pam for Apache 2 and for
the patched version with the PAM servicename as a configuration option
(which I find very useful, see
http://sourceforge.net/tracker/index.php?func=detail&aid=1058140&group_id=6663&atid=306663).
With this you can use different PAM configurations for each virtual
server or directory.
I'm new to PAM, AFS and Apache programming and my C is rusty, so
feedback is welcome.
Berthold Cogel