CRySoL

this

  • author: david.villa gravatar
  • created: 2011-01-29
  • source / edit
  • categories: recipe
  • migrated from node/1454

related

recent

Redmine PAM authentication plugin

That recipe shows how to configure redmine to use PAM authentication. It includes the PAM authentication plugin code.

Ingredients

  • a working redmine installation
  • libpam0g-dev (debian package)
  • rpam (gem)

Install dependences

$ sudo aptitude install libpam0g-dev
$ sudo gem install rpam

Testing rpam

Write that in a auth.rb file:

#!/usr/bin/ruby

require 'rubygems'
require 'rpam'
include Rpam

user = ARGV[0]
system "stty -echo"
pass = STDIN.gets.strip
system "stty echo"

if authpam(user, pass) == true
      puts "Authenticate Successful"
else
      puts "Authenticate Failure"
end

And run it with:

$ ruby ./auth.rb peter
{write password here}
Authenticate Successful

The plugin

Following the instruction of Alternative (custom) Authentication HowTo, I wrote that trivial (but working) plugin:

[ auth_source_pam.rb]

require 'rubygems'
require 'rpam'
include Rpam

class AuthSourcePam < AuthSource

  def authenticate(login, password)
    logger.debug "replacement PAM auth called" if logger && logger.debug?

    return nil if login.blank? or password.blank? or not authpam(login, password)

    return [:firstname => login]
  end

  def auth_method_name
    "PAM"
  end

end

Put that file in /usr/share/redmine/app/models/ (in the case of Debian)

Register the plugin

Like the Authentication HowTo say, you must insert a record in the auth_sources database table. I use sqlite3 so in my case I did:

$ sqlite3 /var/lib/dbconfig-common/sqlite3/redmine/instances/default/redmine_default
sqlite> insert into auth_sources values (NULL, 'AuthSourcePam', 'Pam', 'localhost', 1, 'user', 'pass', 'app', 'name', 'firstname', 'lastname', 'email', 1, 0);

Selecting authentication method

Now, you must restart redmine and go to the user administration page. In the “Authentication” section there is now a new option called “Authentication mode” and you may select among “internal” or “Pam”. That is all.

redmine-pam

Comments

I’m sorry if the plugin code contains errors, but it is my very first Ruby program. Please, comment if you have some suggestion or problem.

References

blog comments powered by Disqus