3.50. <AuthBy PAM>

<AuthBy PAM> provides authentication via any method supported by PAM (Pluggable Authentication Modules) on your host. It is implemented in AuthPAM.pm. It requires that PAM be installed and configured on your host, and it also requires the Perl module Authen::PAM 0.04 or later. It is part of CPAN. For more information, see Section 2.1.2. CPAN.
<AuthBy PAM> asks PAM to authenticate the user using the PAM service specified with the Service parameter (defaults to login).
AuthBy PAM has not been tested on Windows platforms.
Tip
Make sure PAM is configured on your host before building and testing the Authen-PAM Perl module, otherwise make test will report errors. This will usually require configuring /etc/pam.conf, or perhaps /etc/pam.d/login for the login service. For example, on our Red Hat Enterprise Linux 5.2, we found that we had to remove the pam_securetty from our /etc/pam.d/login file to enable testing from other than a secure TTY. Consult your system documentation for details on configuring PAM.
<AuthBy PAM> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.32. <AuthBy xxxxxx>.

3.50.1. Service

This optional parameter specifies the PAM service to be used to authenticate the user name. If not specified, it defaults to login
# We want to use the PAM "ppp" service to authenticate our users
Service ppp

3.50.2. UsePamEnv

This optional parameter allow you to get UID, GID etc. if your PAM supports it, and your Authen::PAM was compiled with -DHAVE_PAM_ENV_FUNCTIONS. This can be useful with PAM authenticators which can supply UID, GID or other values of the user.
If this parameter is set, AuthBy PAM will gather PAM Environment strings and use them to set RADIUS reply attributes according to the following table:

Table 9. How PAM Environment strings are converted to RADIUS reply attributes

PAM Env string RADIUS reply attribute
UID OSC-Uid
GID OSC-Gid
HOME OSC-Home
SHELL OSC-Shell

3.50.3. PasswordPrompt

This optional parameter allows you to specify the prompt string which PAM uses to ask for a password. Defaults to ‘password’. You may need to change this if your PAM module asks for data with a different prompt, such as ‘Code’.