pam-exec-oauth2

command module
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 8, 2021 License: MIT Imports: 15 Imported by: 0

README

pam-exec-oauth2

Install

go get github.com/shimt/pam-exec-oauth2

PREFIX=/opt/pam-exec-oauth2

sudo mkdir $PREFIX
sudo cp go/bin/pam-exec-oauth2 $PREFIX/pam-exec-oauth2
sudo touch $PREFIX/pam-exec-oauth2.yaml
sudo chmod 755 $PREFIX/pam-exec-oauth2
sudo chmod 600 $PREFIX/pam-exec-oauth2.yaml

Configuration

PAM

add the following lines to /etc/pam.d/common-auth

#### create user and authenticate on login #####
auth sufficient pam_exec.so expose_authtok /opt/pam-exec-oauth2/pam-exec-oauth2

add the following lines to /etc/pam.d/common-session

#### remove user on logout #####
session     optional    pam_exec.so quiet /opt/pam-exec-oauth2/pam-exec-oauth2
pam-exec-oauth2.yaml

edit /opt/pam-exec-oauth2/pam-exec-oauth2.yaml

Azure AD
---
client-id: "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
client-secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
redirect-url: "urn:ietf:wg:oauth:2.0:oob"
scopes: 
    - "email"
endpoint-auth-url: "https://login.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize"
endpoint-token-url: "https://login.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/token"
username-format: "%s@example.org"
createuser: true
sufficient-roles: 
    - "serverAccess"
allowed-roles: 
    - "wheel"
Keycloak
---
client-id: "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
client-secret: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
redirect-url: "urn:ietf:wg:oauth:2.0:oob"
scopes: 
    - "email"
endpoint-auth-url: "https://%host%/auth/realms/%yourrealm%/protocol/openid-connect/auth"
endpoint-token-url: "https://%host%/auth/realms/%yourrealm%/protocol/openid-connect/token"
username-format: "%s"
createuser: true
sufficient-roles: 
    - "serverAccess"
allowed-roles: 
    - "wheel"

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.