[Dovecot] Looking for a good way to manage passwords for CRAM-MD5
Steinar Bang
sb at dod.no
Sun May 12 20:34:37 EEST 2013
>>>>> Steinar Bang <sb at dod.no>:
>>>>> Professa Dementia <professa at dementianati.com>:
>> There are plugins that allow you to call some glue logic (Perl, Python,
>> shell scripts, etc) which enables you to interface to pretty much any
>> method (SQL, LDAP, shadow files, etc) you have chosen to save passwords
>> - that is, as long as you are capable of writing the glue logic yourself.
> Thanks for the tip. That let me narrow down the googling to find this:
> https://metacpan.org/module/Authen::PAM::Module
There are claims in Authen::PAM that it can be used to write PAM modules
in perl, but I have yet to find an example showing how.
It is available as a debian package:
http://packages.debian.org/wheezy/libauthen-pam-perl
(however, while that package contains an .so, it looks like that .so is
meant for inclusion into perl, rather than being an .so meant for
inclusion into PAM, that would start a perl interpreter and run a
script)
The pam_python module is more obviously what I was looking for (ie. an
.so residing in /lib/security that runs a python script)
http://packages.debian.org/wheezy/libpam-python
However, I'm not really all that familiar with Python, so it may just be
simpler to write a module in C or C++. Here are three articles that
look like they might be useful to accomplish this.
http://www.linuxdevcenter.com/pub/a/linux/2002/05/02/pam_modules.html
http://www.linuxdevcenter.com/pub/a/linux/2002/05/23/pam_modules.html
http://www.linuxdevcenter.com/pub/a/linux/2002/05/30/pam_modules.html
(The articles are 11 years old, though, so they may be a bit out of
date)
More information about the dovecot
mailing list