pam

Documentation

Overview

Package pam implements the PAM for user authentication.

Index

• func AddFilter(ft string, filter filter.Doer)
• func Authenticate(pamh *C.pam_handle_t) C.int
• func Filter(ft string) (filter.Doer, error)
• func SetNonSSHAgentAuthN(fn AuthNFn)
• type AuthNFn
  • func NonSSHAgentAuthN() AuthNFn

Functions

func AddFilter

func AddFilter(ft string, filter filter.Doer)

AddFilter added a filter with its name into the registry.

func Authenticate

func Authenticate(pamh *C.pam_handle_t) C.int

Authenticate is the entry of Go language part. It is invoked by pam_sm_authenticate in C language part.

func Filter

func Filter(ft string) (filter.Doer, error)

Filter returns the registered filter by the given name.

func SetNonSSHAgentAuthN

func SetNonSSHAgentAuthN(fn AuthNFn)

SetNonSSHAgentAuthN sets the fallback authentication method when the ssh-agent connection fails.

Types

type AuthNFn

type AuthNFn func(principal string, config conf.Config, sysLogger *syslog.Writer) error

AuthNFn is the interface to do authentication for the given principal. Currently, we don't set up multiple go PAM library into the same, because dynamically linking multiple cgo runtime into same process would cause the program crash. (A similar issue at go 1.7: https://github.com/golang/go/issues/18976). So we declare an interface here to inject secondary or fallback authN method (e.g. CryptoAuth) into PAM_SSHCA. TODO: Investigate the cgo runtime issue again and check if there's a workaround to integrate multiple cgo libraries into the same pam config.

func NonSSHAgentAuthN

func NonSSHAgentAuthN() AuthNFn

NonSSHAgentAuthN returns the method of the fallback authentication when the ssh-agent connection fails.