This is Mozilla Identity (formerly known as BrowserID) primary authority implementation with PAM and SSL client certificates support.
For more information on BrowserID see http://en.wikipedia.org/wiki/BrowserID.
Have a working installation of a recent version of Node.js, preferably version 0.6.x.
Download and extract browserid-pam archive, or check out the repository.
From the package directory execute npm install
to download and install dependencies. Modules will be installed under the current directory.
Copy config-example.ini
to a different name and location of your choice (e.g. config.ini
).
Edit the file and set domain
to the domain name of your email addresses, and secret
to a longish string of random characters. In ssl
section change cert
and key
to point to your SSL certificate and private key.
Execute the following command to generate public and secret keys for signing user's certificates:
node_modules/.bin/generate-keypair
This will generate key.publickey
and key.secretkey
files in the current directory. Please secure your secret key well:
chmod 0600 key.secretkey
See comments in the configuration for more options.
You can run browserid-pam server with the following command:
node app.js --config config.ini
To operate it as a system service, install Forever (https://github.com/nodejitsu/forever)
npm install forever
and run
forver start app.js --config config.js
In addition to password authentication, browserid-pam
can authenticate users via SSL certificates. Set ca
parameter in your configuration file to the certificate of the authority used to issue certificates. Common name (CN) part of the user's certificate has to match the email address he is authenticating for.