Take 2 - sorry for the noise - this update to the series splits some patches down further, fixes a security bug vs the first iteration, and hopefully makes various improvements to patches.

I wanted to use OpenVPN with PAM whilst enforcing the use of the TLS client cert common name in place of the user-supplied user name. This wouldn't work with the PAM plugin I was using, and in the process of debugging this I've made a few changes to the auth-pam plugin which I hope make it easier to use and less 'brittle' in that it should now be possible to configure customised behaviour whilst minimising the reliance on matching against strings which are only intended to be parsed by humans, not other software.

For my use case, I can now obtain the custom behaviour I wanted without having to rely on any such matching against human-readable messages generated by PAM modules (which may be subject to changes due to software updates, changes in default system modules and PAM config, as well as localisation etc.).

The changes should be backward compatible with existing deployments and I've also made some changes to the README as I felt it was a bit difficult to follow in places...

I write very little C, so please excuse me if the following are a bit rough.

Tim.

Tim Small (6):
  Separate error logging for pam auth and account
  Log common name as well as username for pam auth
  Refactor name/value list search and substitution code.
  Add default password reply with name_value_list
  Allow administrator to supply a user to pam_start
  Improve docs and detail new functionality

 src/plugins/auth-pam/README.auth-pam | 152 +++++++++++++++++++++++++----
 src/plugins/auth-pam/auth-pam.c      | 182 ++++++++++++++++++++++++-----------
 2 files changed, 259 insertions(+), 75 deletions(-)

--
2.1.4