Material for the PAM talk held at the Nairobi LUG meetup on 7th September 2019.
You can also view the talk online by going to https://talks.godoc.org/github.com/kmwenja/pam-talk/talk.slide.
- Setup a Go environment: https://golang.org/doc/install
go get -u golang.org/x/tools/cmd/present
- In this directory, run
present -orighost localhost -notes
- Visit http://localhost:3999 in your browser.
- Cd into
module
in this repo. - Run
make
. This will build a PAM module (shared library) at/tmp/go-pam.so
. - Add
/tmp/go-pam.so
to any PAM application config in/etc/pam.d/
that you can safely test with (good examples can besu
orsshd
). Add the module in theauth
section with asufficient
control level. An example configuration looks as follows:
# add this line to the top of the auth section
auth sufficient /tmp/go-pam.so
# other auth lines will go here
....
- Make a user called
test
but don't assign them any working password:useradd -m test
. - Use the application to authenticate. For example, if you are using
su
to demo, runsu test
and notice how no password is required to login to thetest
user. - Remove the line added to the PAM config for the app you are using to demo since having this line remain there will be a security risk to your system.