Re: Citadel and PAM.

A while back, I had posted about doing some work on the Citadel server to
make it PAM-aware. I haven't had much free time to work on this, but I
did finally get to the point of understanding how PAM works and decided to
take a look at the server code.

I noticed in auth.c that there are already some calls to the PAM library
functions. Can someone bring me up to speed on the status of PAM usage in
the server?

What I'd like to try, at first, is to extend citserver's usage of PAM by
also calling the pam_*_session() functions. I'd like to hear thoughts on
this. I know right off the bat that I'll need to store pam_handle in the
user's session struct, but I'd like to know if there are any gotchas I
should be aware of.

After that, I was thinking that the next task to tackle would be
extending citserver's conv() function to allow authentication modules to
"talk" over the client socket. I haven't checked the protocol.txt spec
yet, but I get the feeling this may require an extension to the IGNet
protocol. It would also, depending on the authentication module, probably
require that the clients be capable of prompting the user for
authentication tokens in a more generic manner.

I will, of course, try to do this in a way that the admin can pick either
the built-in Citadel authentication, or PAM, but not both. Should this be
a compile-time, install-time, or run-time option?

PAM Binder