I have a couple of small web applications that I have built for myself (wiki, system monitoring, etc.) There didn’t seem much point in adding a database for authentication, so I put together a strategy for using PAM and OmniAuth.
It depends on OmniAuth (~> 1.0),
rpam-ruby19 and the PAM headers (that’s the
libpam0g-dev package on Debian and Ubuntu.)
It has only been tested on Debian 6.0 using Ruby 1.9.3-p0 (but there’s no reason why it won’t work elsewhere.)
The project is on GitHub. Log an issue if something doesn’t work as you expect.
Include provider type:
use Rack::Session::Cookie use OmniAuth::Strategies::PAM
Implement the callback (as in the OmniAuth documentation), and then navigate to:
It uses the authenticated user as the UID, as on a Linux system this would be unique.
Supporting Ruby 1.8
There is an older gem available for Ruby 1.8 for supporting PAM. The syntax is slightly different, but only a small change if you wanted it.
Instead of including
rpam-ruby19 instead use
rpam and change the implementation of
def callback_phase unless authpam(request['username'], request['password']) return fail!(:invalid_credentials) end super end
You will also need to add
include Rpam beneath
As it’s only small (the whole thing is tiny as it is) I figured it’d be best to document the difference, rather than aim to support two different gems.