pam_gromox - a PAM plugin to authenticate with Gromox

Name Description Incantation in /etc/pam.d/smtp PAM module arguments Configuration directives See also

Name

pam_gromox — a PAM plugin to authenticate with Gromox

This module feeds authentication requests to Gromox’s authmgr(4gx) module, and thus mysql_adaptor(4gx) and/or ldap_adaptor(4gx). It does not rely on the availability of any Gromox service; just MySQL/LDAP is enough. pam_gromox is meant to be used in conjunction with non-Gromox processes that an administrator may wish to integrate with, such as an SMTP daemon.

Incantation in /etc/pam.d/smtp

Gromox accounts are not mapped from or to any Unix accounts, so the pam_unix.so module that is present in the default /etc/pam.d/smtp module list within Linux distributions is not suitable and can be wholly replaced. In otherwords, /etc/pam.d/smtp need just contain:

auth required pam_gromox.so service=smtp
account required pam_permit.so

(pam_gromox does not provide a usable "account" handler, therefore "account required pam_gromox.so" would do nothing. The PAM framework always starts out with an initial deny policy, so at least one module needs to be called to make the PAM request succeed. For this reason, if there are no other "account" modules listed, pam_permit.so should be used.)

PAM module arguments

service=s

Check for a specific privilege bit on the user account. Possible values for s are: exch, smtp, imap, pop3, chat, video, files, archive.
Default: smtp

Configuration directives

The usual config file location is /etc/gromox/pam.cfg.
config_file_path

Colon-separated list of directories in which further configuration files, especially those used by plugin instances, will be searched.
Default: /etc/gromox/pam:/etc/gromox

pam_prompt

If pam_gromox detects the absence of a password but presence of a PAM conversation function, it will attempt to retrieve the password that way, and in doing so, will show this label just ahead of the nonechoing password prompt.
Default: Password: