PAM Authenticator

Last modified by Admin on 2022/01/17 00:11

cogPassword Authentication Module (PAM) bridge
TypeJAR
CategoryAPI
Developed by

Paul Landes

Active Installs0
Rating
0 Votes
LicenseGNU Lesser General Public License 2.1

Installable with the Extension Manager

Description

This is a password authentication module (PAM) bridge from UNIX/Linux systems to XWiki. This module was inspired by, modeled and written after the LDAP extension. The use case and mechanism is very similar.

This is a pure Java implementation that wraps pwauth, which is a command line tool that provides the authentication and commonly available on UNIX/Linux machines as a package (see custom installation instructions).

This module addresses the need for systems that have a particular PAM configuration and want to use it to authenticate users. This was written by the author because the LDAP module did not consistently function as described in this LDAP over SSL thread. For those that use the LDAP NSS PAM module, which both authenticate users on the OS itself, using this module allows authentication to XWiki to LDAP via this software.

Configuration

The extension must be configured in the xwiki.cfg file.  For example:

## PAM
#-# PAM authentication service
xwiki.authentication.authclass=com.zensols.xwiki.pamauth.XWikiPAMAuthServiceImpl

#-# Turn PAM authentication on - otherwise only XWiki authentication
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.pam=1

#-# Enable local accounts in addition to PAM.
#-# Without this setting you will be unable to log into XWiki with local accounts.
#-# - 0: disable
#-# - 1: enable
#-# The default is 0
xwiki.authentication.pam.trylocal=1

Prerequisites & Installation Instructions

We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager).

You can also use the manual method which involves dropping the JAR file and all its dependencies into the WEB-INF/lib folder and restarting XWiki.

Operating System Dependencies

The pwauth program is installed using:

Debian/Ubuntu machines

% apt-get install pwauth

Redhat/Fedora/CentOS

% yum install pwauth

Dependencies

Dependencies for this extension (org.xwiki.contrib:pamauth-authenticator 1.0):

  • org.xwiki.platform:xwiki-platform-oldcore 8.4
  • com.zensols.sys:userauth 0.0.1
Tags:
    

Get Connected