git.proxmox.com Git - pve-access-control.git/blob - PVE/Auth/PAM.pm
04f0d93b808cc1e61ba2cc29b12e0c5950bc2b66
1 package PVE
::Auth
::PAM
;
6 use PVE
::Tools
qw(run_command);
8 use Authen
::PAM
qw(:constants);
10 use base
qw(PVE::Auth::Plugin);
# Fragment of a key/value list: the two keys visible here, 'default' and
# 'comment', are both marked optional. The enclosing definition is not shown
# on this page.
18 default => { optional
=> 1 },
19 comment
=> { optional
=> 1 },
# authenticate_user: check $username/$password through PAM, using the
# 'common-auth' service. Several lines of this sub are not shown on this page
# (the gutter numbers skip), so the notes below cover only what is visible.
# Arguments: ($class, $config, $realm, $username, $password); only $username
# and $password are used in the lines shown.
23 sub authenticate_user
{
24 my ($class, $config, $realm, $username, $password) = @_;
26 # user (www-data) need to be able to read /etc/passwd /etc/shadow
# Refuse an empty or undefined password before PAM is contacted. The test is
# plain Perl truthiness, so the one-character password "0" is refused too.
27 die "no password\n" if !$password;
# Create the PAM handle. The third argument is the conversation callback that
# supplies the responses PAM asks for.
# NOTE(review): this is indirect object syntax; `Authen::PAM->new(...)` is the
# unambiguous spelling of the same call.
29 my $pamh = new Authen
::PAM
('common-auth', $username, sub {
# Inside the callback: queue a (0, $password) pair on @res. The code around
# this line is not shown; presumably one pair is queued per PAM message and
# the message type is not inspected -- TODO confirm.
34 push @res, (0, $password);
# NOTE(review): the condition guarding the next two lines is not shown. If
# they run because the constructor returned an error code instead of an
# object, `$pamh->pam_strerror` is a method call on a non-reference and would
# itself die before the intended message is built -- confirm.
# The die text has no trailing newline, so Perl appends file and line to it.
41 my $err = $pamh->pam_strerror($pamh);
42 die "error during PAM init: $err";
# Credential check. Any result other than PAM_SUCCESS is translated into
# PAM's error text; what is then done with $err is not shown here.
47 if (($res = $pamh->pam_authenticate(0)) != PAM_SUCCESS
) {
48 my $err = $pamh->pam_strerror($res);
# Account-management check (PAM's account validity step), placed after the
# credential check in the lines shown. A non-success result is again
# translated into PAM's error text.
52 if (($res = $pamh->pam_acct_mgmt (0)) != PAM_SUCCESS
) {
53 my $err = $pamh->pam_strerror($res);
# Overwrite the handle; per the author's comment this is done so that the
# PAM handle's destructor runs.
57 $pamh = 0; # call destructor
# Body of a password-change routine; its `sub` line is not shown on this page.
# It builds a `usermod` argument list and hands it to run_command.
# Arguments: ($class, $config, $realm, $username, $password); only $username
# and $password are used in the lines shown.
64 my ($class, $config, $realm, $username, $password) = @_;
# The command is kept as an array reference of separate arguments rather than
# as one interpolated string.
66 my $cmd = ['usermod'];
# Transform the plaintext with PVE::Auth::Plugin::encrypt_pw (defined
# elsewhere). Presumably this yields a crypt-style hash, since `usermod -p`
# expects an already-encrypted value -- TODO confirm.
68 my $epw = PVE
::Auth
::Plugin
::encrypt_pw
($password);
# NOTE(review): the hash travels as a command-line argument, so it is visible
# in the process list while usermod runs; the usermod manual discourages -p
# for that reason.
# NOTE(review): $username is the final argument with no `--` in front of it;
# presumably it is validated upstream so it cannot begin with '-' -- confirm.
70 push @$cmd, '-p', $epw, $username;
# run_command is imported from PVE::Tools. It receives the argument list and
# an errmsg text; presumably it raises an error built from that text when the
# command fails -- verify in PVE::Tools.
72 run_command
($cmd, errmsg
=> 'change password failed');