English
SpanishAcerca de david.villa
Inicio de sesión
Navegación
Envíos recientes a blogs
- Fallo de pdflatex en debian sid
- emacs-pills: compilation feedback with colors
- Creating a virtual grid with libvirt + debian preseeds + puppet + IceGrid
- Adios Google Reader, Hola Tiny Tiny RSS
- Soporte mejorado para el ASUS UX32VD
- Instalar un módulo Python en un virtualenv
- Android SDK en Debian 64 bits
- Debian GNU/Linux Install Party V.7
- Altavoces bluetooth en GNOME
- Configurar apt para que no descargue traducciones
Cometarios recientes
Redmine PAM authentication plugin
That recipe shows how to configure redmine to use PAM authentication. It includes the PAM authentication plugin code.
Ingredients
- a working redmine installation
- libpam0g-dev (debian package)
- rpam (gem)
Install dependences
$ sudo aptitude install libpam0g-dev $ sudo gem install rpam
Testing rpam
Write that in a auth.rb file:
#!/usr/bin/ruby require 'rubygems' require 'rpam' include Rpam user = ARGV[0] system "stty -echo" pass = STDIN.gets.strip system "stty echo" if authpam(user, pass) == true puts "Authenticate Successful" else puts "Authenticate Failure" end
And run it with:
$ ruby ./auth.rb peter {write password here} Authenticate Successful
The plugin
Following the instruction of Alternative (custom) Authentication HowTo, I wrote that trivial (but working) plugin:
require 'rubygems' require 'rpam' include Rpam class AuthSourcePam < AuthSource def authenticate(login, password) logger.debug "replacement PAM auth called" if logger && logger.debug? return nil if login.blank? or password.blank? or not authpam(login, password) return [:firstname => login] end def auth_method_name "PAM" end end
Put that file in /usr/share/redmine/app/models/ (in the case of Debian)
Register the plugin
Like the Authentication HowTo say, you must insert a record in the auth_sources database table. I use sqlite3 so in my case I did:
$ sqlite3 /var/lib/dbconfig-common/sqlite3/redmine/instances/default/redmine_default sqlite> insert into auth_sources values (NULL, 'AuthSourcePam', 'Pam', 'localhost', 1, 'user', 'pass', 'app', 'name', 'firstname', 'lastname', 'email', 1, 0);
Selecting authentication method
Now, you must restart redmine and go to the user administration page. In the “Authentication” section there is now a new option called “Authentication mode” and you may select among “internal” or “Pam”. That is all.
Comments
I’m sorry if the plugin code contains errors, but it is my very first Ruby program. Please, comment if you have some suggestion or problem.
References
| Adjunto | Tamaño |
|---|---|
| redmine-pam.png | 168.33 KB |
- david.villa's blog
- Inicie sesión o regístrese para enviar comentarios
- 8048 lecturas
Comentarios
Authentication mode not available in page
I've done everything as described above but I use MySQL instead of SQlite.
Here's the proof that the information is there:
mysql> select * from auth_sources;
+----+---------------+------+-----------+------+---------+------------------+---------+------------+----------------+---------------+-----------+-------------------+-----+
| id | type | name | host | port | account | account_password | base_dn | attr_login | attr_firstname | attr_lastname | attr_mail | onthefly_register | tls |
+----+---------------+------+-----------+------+---------+------------------+---------+------------+----------------+---------------+-----------+-------------------+-----+
| 1 | AuthSourcePam | Pam | localhost | 1 | user | pass | app | name | firstname | lastname | email | 1 | 0 |
+----+---------------+------+-----------+------+---------+------------------+---------+------------+----------------+---------------+-----------+-------------------+-----+
1 row in set (0.00 sec)
I don't know why, I have no new option for setting Authentication mode. Any hints?
Tks,
PP
Authentication mode is available
I was fighting with the same problem. After an hour I give up and decided to create users by hand and...
Go to /users/new and you will see that this settings (Auth mode) is a per user option, non system wide:
http://cl.ly/0y2X0k3A1K3e1k3k1k1o
Change option from Internal to Pam and all should works OK.
Yes, the module works this
Yes, the module works this way. This PAM module does not map system users on redmine. This plugin support only authentication for already existing users. Sorry if the post does not clarify that point.
No soy portavoz de ningún colectivo, grupo o facción. Mi opinión es personal e intransferible.
Good, but don't know why it does not work
Hi,
I have followed your post, but it seams that is does not work.
The auth.rb test is working fine, but the plugin does not authenticate.
The plugin is registered, user created with "PAM" authentication, and in remine production log, it shows "Failed login...".
I even added the login/password to the log, they are fine, but the function "authpam" does not seam to work when used in redmine through apache.
I'm hosting using Ubuntu 11.10 x86_64, ruby 1.8, apache 2.2 with passenger, redmine 1.1.3.stable (MySQL).
Thanks
Do you test it with the
Do you test it with the auth.rb program here above?
No soy portavoz de ningún colectivo, grupo o facción. Mi opinión es personal e intransferible.
Hi, Yes I have, it is
Hi,
Yes I have, it is working.
I have made another try : I have made a "su nobody", to start a shell as the apache user. Then I ran auth.rb. This time, it has failled. It seams that the "nobody" user can't use PAM authentication in a ruby script.
Maybe this can help you...
Thanks.