git.proxmox.com Git - pve-access-control.git/blob - PVE/Auth/PAM.pm
93768053d80acb5bf0a8965b8bc6ef00190ae5c1
# Authentication plugin that checks credentials through PAM.
# (Listing lines 2-3, 5 and 7 are not shown on this page; they may be blank.)
package PVE::Auth::PAM;

# run_command is used further down to invoke usermod.
use PVE::Tools qw(run_command);
# :constants provides PAM_SUCCESS, which the PAM return codes are compared to.
use Authen::PAM qw(:constants);

# Inherit from the generic auth plugin class.
use base qw(PVE::Auth::Plugin);
# Two entries of a hash literal whose opening and closing lines are not shown
# on this page (listing lines 9-15 and 18-20 are absent).
# NOTE(review): presumably the option schema of this plugin - confirm.
    default => { optional => 1 },
    comment => { optional => 1 },
# Check a username/password pair through PAM.
#
# Arguments: ($class, $config, $realm, $username, $password).
# Dies with "no password\n" when $password is false and with
# "error during PAM init: ..." on the init-failure path. Several listing lines
# are not shown on this page (23, 26, 28-31, 33-38, 41-44, 47-49, 52-54 and
# everything after 55), so the handling of a failed pam_authenticate or
# pam_acct_mgmt call and the return value cannot be documented from here.
sub authenticate_user {
    my ($class, $config, $realm, $username, $password) = @_;

    # The calling user (www-data) needs read access to /etc/passwd and
    # /etc/shadow.
    # NOTE(review): that leaves the local password hashes readable by the
    # service account running this code - worth recording in the threat model.

    # Refuse undef/empty passwords before PAM is consulted. Note that
    # !$password is also true for the string "0".
    die "no password\n" if !$password;

    # Indirect-object constructor call. 'common-auth' is passed as the PAM
    # service name; the third argument is the PAM conversation callback.
    # NOTE(review): confirm that the account rules pam_acct_mgmt evaluates
    # under this service name are the intended ones.
    my $pamh = new Authen::PAM('common-auth', $username, sub {
        # ... listing lines 28-31 not shown ...

        # Reply pair: status 0 followed by the password.
        # NOTE(review): whether the prompt type is inspected is on lines not
        # shown - confirm the password is only sent in answer to the
        # prompts that should receive it.
        push @res, (0, $password);

    # ... listing lines 33-38 not shown (presumably the end of the callback
    # and the condition guarding the next two statements) ...

        # NOTE(review): pam_strerror is handed $pamh itself rather than a
        # return code. If this branch runs because the constructor did not
        # return an object, the method call on $pamh would fail before the
        # intended message is built - confirm against the guard on the
        # missing lines.
        my $err = $pamh->pam_strerror($pamh);
        die "error during PAM init: $err";

    # ... listing lines 41-44 not shown ...

    # Step 1: verify the credentials.
    if (($res = $pamh->pam_authenticate(0)) != PAM_SUCCESS) {
        my $err = $pamh->pam_strerror($res);
        # ... listing lines 47-49 not shown ...

    # Step 2: account management check, only PAM_SUCCESS passes.
    if (($res = $pamh->pam_acct_mgmt (0)) != PAM_SUCCESS) {
        my $err = $pamh->pam_strerror($res);
        # ... listing lines 52-54 not shown ...

    # Overwrite the handle so the object's destructor runs now.
    $pamh = 0; # call destructor
# Statements of the password-change routine. Its sub header and closing lines
# are not shown on this page (listing lines 56-61 and everything after 70 are
# absent).
    my ($class, $config, $realm, $username, $password) = @_;

    # The command is built as an argument list, not as one string.
    # NOTE(review): presumably run_command executes an array ref without a
    # shell - confirm in PVE::Tools.
    my $cmd = ['usermod'];

    # Hash the new password with the helper from PVE::Auth::Plugin; usermod -p
    # expects an already-encrypted value.
    my $epw = PVE::Auth::Plugin::encrypt_pw($password);

    # NOTE(review): the hash is passed in usermod's argument list, so it is
    # visible in the process table while the command runs (usermod(8) warns
    # about this for -p). Supplying it on stdin, e.g. via chpasswd -e, would
    # avoid that exposure.
    # NOTE(review): $username is appended with no '--' separator; confirm that
    # callers validate it so a value starting with '-' cannot be parsed as an
    # option.
    push @$cmd, '-p', $epw, $username;

    # errmsg is the text run_command is given for a failed command.
    run_command($cmd, errmsg => 'change password failed');