Index: openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.html,v diff -u -r1.5 -r1.6 --- openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.html 4 Jun 2006 00:45:21 -0000 1.5 +++ openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.html 7 Aug 2017 23:47:46 -0000 1.6 @@ -1,10 +1,10 @@ -Using Pluggable Authentication Modules (PAM) with OpenACS

Using Pluggable Authentication Modules (PAM) with OpenACS

OpenACS supports PAM authetication via the ns_pam module in AOLserver.

  1. Add PAM support to AOLserver.�OpenACS supports PAM support via the PAM AOLserver +Using Pluggable Authentication Modules (PAM) with OpenACS

    Using Pluggable Authentication Modules (PAM) with OpenACS

    OpenACS supports PAM authetication via the ns_pam module in AOLserver.

    1. Add PAM support to AOLserver. OpenACS supports PAM support via the PAM AOLserver module. PAM is system of modular support, and can provide - local (unix password), RADIUS, LDAP (more + local (unix password), RADIUS, LDAP (more information), and other forms of authentication. Note that due to security issues, the AOLserver PAM module cannot be used for local password - authentication.

      1. Compile and install ns_pam.�Download the tarball to + authentication.

        1. Compile and install ns_pam. Download the tarball to /tmp.

          Debian users: first do apt-get install libpam-dev

          [root@yourserver root]# cd /usr/local/src/aolserver
           [root@yourserver aolserver]# tar xzf /tmp/ns_pam-0.1.tar.gz
           [root@yourserver aolserver]# cd nspam
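Review bot: the install step in this hunk's trailing context unpacks the module from a root shell ("[root@yourserver aolserver]# tar xzf /tmp/ns_pam-0.1.tar.gz") with no integrity check, and /tmp is writable by every local user. This code is loaded into the server's authentication path, so add a step that verifies a published checksum or signature before extraction, and have the reader download to a directory only root can write. While these lines are being touched, fix "authetication" and "PAM is system of modular support", and make the "due to security issues" note say what the issue is or link to its description, so an administrator can tell whether it still applies.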
          @@ -26,15 +26,15 @@
           tar xzf /tmp/ns_pam-0.1.tar.gz
           cd nspam
           make
          -make install
        2. Set up a PAM domain.�A PAM domain is a set of rules for granting +make install

        3. Set up a PAM domain. A PAM domain is a set of rules for granting privileges based on other programs. Each instance of AOLserver uses a domain; different aolserver instances can use the same domain but one AOLserver instance cannot use two domains. The domain describes which intermediate programs will be used to check permissions. You may need to install software to perform new types of authentication. -

          • RADIUS in PAM.�

            1. Untar the pam_radius +

              • RADIUS in PAM. 

                1. Untar the pam_radius tarball and compile and install. (more information)

                  [root@yourserver root]# cd /usr/local/src/
                   [root@yourserver src]# tar xf /tmp/pam_radius-1.3.16.tar
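Review bot: the RADIUS step in the context after "Set up a PAM domain" pins a specific release ("tar xf /tmp/pam_radius-1.3.16.tar"), while the header shows revision 1.5 dated 2006 and this revision dated 2017. Confirm that this is still the version readers should install, or replace the hard-coded file name with a placeholder and a pointer to the upstream release page. In the same paragraph, "different aolserver instances" should match the "AOLserver" capitalisation used elsewhere, and "a set of rules for granting privileges based on other programs" would be clearer if it said the domain names the PAM service file whose modules perform the check.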
                  @@ -59,8 +59,8 @@
                                   /etc/pam.d/service0
                                   with these contents:

                  auth       sufficient   /lib/security/pam_radius_auth.so
                   
                2. Modify the AOLserver configuration file to use - this PAM domain. Edit the line

                  ns_param   PamDomain             "service0"

                  So that the value of the parameter matches the name (just the file name, not the fully pathed name) of the domain file in

                  /etc/pam.d/
              • LDAP in PAM.�more information

            2. Modify the AOLserver configuration file to support ns_pam.�

              In - /var/lib/aolserver/service0/etc/config.tcl, enable the nspam module by uncommenting this line:

              ns_param   nspam           ${bindir}/nspam.so
          • Install auth-pam OpenACS service package.�Install auth-pam and restart the server.

          • Create an OpenACS authority.�OpenACS supports multiple authentication authorities. + this PAM domain. Edit the line

            ns_param   PamDomain             "service0"

            So that the value of the parameter matches the name (just the file name, not the fully pathed name) of the domain file in

            /etc/pam.d/
      2. LDAP in PAM. more information

    2. Modify the AOLserver configuration file to support ns_pam. 

      In + /var/lib/aolserver/service0/etc/config.tcl, enable the nspam module by uncommenting this line:

      ns_param   nspam           ${bindir}/nspam.so
  2. Install auth-pam OpenACS service package. Install auth-pam and restart the server.

  3. Create an OpenACS authority. OpenACS supports multiple authentication authorities. The OpenACS server itself is the "Local Authority," used by default.

    1. Browse to the authentication administration page, http://yourserver/acs-admin/auth/.
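Review bot: the /etc/pam.d/service0 example in this hunk is the single line "auth sufficient /lib/security/pam_radius_auth.so", which hard-codes a module directory that differs between distributions and architectures and relies on "sufficient" as the only entry in the stack, leaving the failure behaviour implicit. Suggest naming the module without a path (pam_radius_auth.so) so PAM resolves its own module directory, and either using "required" or adding an explicit deny entry after it, so the document states outright that a RADIUS rejection fails the login. The instruction "Edit the line ... So that the value of the parameter matches the name" is split into a fragment by the example and should be one sentence. The administration URL at the end is given as http://; since it is an administration page, give it as https.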