modules/pam_auth/README.txt

$Id: README.txt,v 1.1 2007/11/12 18:39:22 nschelly Exp $

Overview
---------

The PAM Auth module is based vaguely on a skeleton of the IMAP Auth module
(http://drupal.org/project/imap_auth).  It accomplishes the same goal except
that it uses the PHP5-PAM module to accomplish the authentication.  It also 
borrows some ideas from the ldap_integration module for password-form
adjustments.

Requirements
------------
* Drupal 5.x or later
* Php PAM extension
  [http://packages.debian.org/etch/php5-auth-pam]

Install
-------

1. Copy the 'pam_auth' module directory in to your Drupal
   modules directory as usual

2. Activate the module via the Drupal module configuration menu
   (Administer >> Site building >> Modules)

3. Configuration: "Administer >> Site configuration >> PAM auth"

PAM authentication:
 * Enabled: Users will be able to get logged in using PAM accounts
 * Disabled : Turn off PAM authentication.

Password changing forms:
 * Enabled: Users will still be able to change their passwords on edit user
pages and request new passwords from the login prompts.
 * Disabled: Password forms will be altered so that users cannot change
their passwords.  This is recommended because this module does not relay
those changes to the underlying PAM authentication.

Important Note for when it doesn't work!!
-----------------------------------------
The PHP PAM module is not particularly popular because it requires the PHP
process owner to be privileged enough to perform the PAM authentication.  If
you're using /etc/shadow for your usernames and passwords, that probably means
that the Apache process owner needs to be added to the shadow group.  Every
distro may be different and different PAM configurations (like LDAP) may be
more or less possible.  But in the common case of using shadow passwords as
most Linux systems do by default, Apache will need to be able to read
/etc/shadow.  Please just be aware of the potential security implications of
doing that, however obscure.

Authors
-------
Neil Schelly     [http://drupal.org/user/182824]

License
-------
GPL (see LICENSE.txt)
1	$Id: README.txt,v 1.1 2007/11/12 18:39:22 nschelly Exp $
2
3	Overview
4	---------
5
6	The PAM Auth module is based vaguely on a skeleton of the IMAP Auth module
7	(http://drupal.org/project/imap_auth). It accomplishes the same goal except
8	that it uses the PHP5-PAM module to accomplish the authentication. It also
9	borrows some ideas from the ldap_integration module for password-form
10	adjustments.
11
12	Requirements
13	------------
14	* Drupal 5.x or later
15	* Php PAM extension
16	[http://packages.debian.org/etch/php5-auth-pam]
17
18	Install
19	-------
20
21	1. Copy the 'pam_auth' module directory in to your Drupal
22	modules directory as usual
23
24	2. Activate the module via the Drupal module configuration menu
25	(Administer >> Site building >> Modules)
26
27	3. Configuration: "Administer >> Site configuration >> PAM auth"
28
29	PAM authentication:
30	* Enabled: Users will be able to get logged in using PAM accounts
31	* Disabled : Turn off PAM authentication.
32
33	Password changing forms:
34	* Enabled: Users will still be able to change their passwords on edit user
35	pages and request new passwords from the login prompts.
36	* Disabled: Password forms will be altered so that users cannot change
37	their passwords. This is recommended because this module does not relay
38	those changes to the underlying PAM authentication.
39
40	Important Note for when it doesn't work!!
41	-----------------------------------------
42	The PHP PAM module is not particularly popular because it requires the PHP
43	process owner to be privileged enough to perform the PAM authentication. If
44	you're using /etc/shadow for your usernames and passwords, that probably means
45	that the Apache process owner needs to be added to the shadow group. Every
46	distro may be different and different PAM configurations (like LDAP) may be
47	more or less possible. But in the common case of using shadow passwords as
48	most Linux systems do by default, Apache will need to be able to read
49	/etc/shadow. Please just be aware of the potential security implications of
50	doing that, however obscure.
51
52	Authors
53	-------
54	Neil Schelly [http://drupal.org/user/182824]
55
56	License
57	-------
58	GPL (see LICENSE.txt)