alexander-naumov / pam2control

Easily configurable authentication provider

License: GNU General Public License v3.0

C 85.10% Makefile 3.76% Roff 11.15%
pam security linux login pam-authentication protection

pam2control's Introduction

pam2control

pam2control, commonly known as p2c, is an easily configurable PAM-based authentication provider. It makes it possible to manage access for individual users (or groups of users; LDAP is supported) by adding a single line to the config file. It can notify you by email when somebody logs in to the server. It writes to syslog and also to its own logfile for every login and logout event.

It supports FreeBSD and GNU/Linux systems.

Features

  • Behavior of pam2control is set using a config file.
  • Access control for a single specific user, groups of users or LDAP groups.
  • Email notification for every new login.
  • 2FA for SSH login: autogenerated 8-digit one-time PIN via email.
  • Syslog messages (supports verbose debug mode).
  • Its own logfile for every login/logout event.
  • Works with OpenPAM and Linux-PAM.
  • p2ctl - console client of pam2control for PAM services management.
  • Separate access rules for SSH password and public key authentication.
  • GPG encryption for 2FA PIN and notification emails.
  • Separate access rules for SSH and SCP sessions.

Installing pam2control

git clone https://github.com/alexander-naumov/pam2control
cd pam2control/src
make
sudo make install

The p2c.conf man page has details on how to configure pam2control.

Credits

Copyright (c) 2018-2021 Alexander Naumov ([email protected]).

Licensed under GNU GPLv3 (see LICENSE file).

pam2control's People

Contributors

alexander-naumov, followmedown, serjan-nasredin

pam2control's Issues

p2ctl - the console client for pam2control

p2ctl should be used for pam2control configuration. It should be possible to check the syntax of the config file, configure/manage /etc/pam.d/* files, show configured PAM modules, etc.

gcc 10.x build error: multiple definition of `log_path'; config.o:(.bss+0x0): first defined here

Xubuntu 20.04 still has GCC 9.3.0 and there is no problem. make works well.

$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/9/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:hsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 9.3.0-10ubuntu2' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none,hsa --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)

openSUSE Tumbleweed has GCC 10.1.1 and the build failed with an error:

# make clean && make && make install
rm -f pam2control.o config.o log.o smtp.o conv.o pam2control.so
gcc    -c -o pam2control.o pam2control.c
gcc    -c -o config.o config.c
gcc    -c -o log.o log.c
gcc    -c -o smtp.o smtp.c
gcc    -c -o conv.o conv.c
gcc -Wall -fPIC -c pam2control.c config.c log.c smtp.c conv.c
gcc -shared -o pam2control.so pam2control.o config.o log.o smtp.o conv.o -lpam
/usr/lib64/gcc/x86_64-suse-linux/10/../../../../x86_64-suse-linux/bin/ld: log.o:(.bss+0x0): multiple definition of `log_path'; config.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
make: *** [GNUmakefile:27: pam2control] Error 1

$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib64/gcc/x86_64-suse-linux/10/lto-wrapper
OFFLOAD_TARGET_NAMES=hsa:nvptx-none:amdgcn-amdhsa
Target: x86_64-suse-linux
Configured with: ../configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 --enable-languages=c,c++,objc,fortran,obj-c++,ada,go,d --enable-offload-targets=hsa,nvptx-none=/usr/nvptx-none,amdgcn-amdhsa=/usr/amdgcn-amdhsa, --without-cuda-driver --enable-checking=release --disable-werror --with-gxx-include-dir=/usr/include/c++/10 --enable-ssp --disable-libssp --disable-libvtv --disable-cet --disable-libcc1 --enable-plugin --with-bugurl=https://bugs.opensuse.org/ --with-pkgversion='SUSE Linux' --with-slibdir=/lib64 --with-system-zlib --enable-libstdcxx-allocator=new --disable-libstdcxx-pch --enable-libphobos --enable-version-specific-runtime-libs --with-gcc-major-version-only --enable-linker-build-id --enable-linux-futex --enable-gnu-indirect-function --program-suffix=-10 --without-system-libunwind --enable-multilib --with-arch-32=x86-64 --with-tune=generic --with-build-config=bootstrap-lto-lean --enable-link-mutex --build=x86_64-suse-linux --host=x86_64-suse-linux
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 10.1.1 20200507 [revision dd38686d9c810cecbaa80bb82ed91caaa58ad635] (SUSE Linux)

Arch Linux also has GCC 10.1.0-2 and the same build error is there.

Use getaddrinfo() instead of gethostbyname()

The OBS build reports a warning:

pam2control.x86_64: I: binary-or-shlib-calls-gethostbyname /lib64/security/pam2control.so
The binary calls gethostbyname(). Please port the code to use getaddrinfo().

Support for POSIX group

Right now it is possible to set an access rule for a specific user: ssh open user boby
It would be nice to have support for POSIX groups, which would make it possible to set access rules for a group of users.

2FA via Telegram

The idea is very simple: using Telegram API to send one-time PIN for login to user's telegram client ;-)
Right now we have the same one-time PIN concept, but for SMTP communication.

OpenBSD support

Would be great to make it possible to run p2c on OpenBSD.

OpenBSD doesn't support PAM, but there is an OpenPAM port, that can be installed separately:

# pkg_add openpam
quirks-3.354 signed on 2020-06-13T22:22:39Z
quirks-3.245->3.354: ok
openpam-20141014: ok
Read shared items: ok

This ticket is more about research and development and not just "write the new code". Maybe there are other, better ways to port p2c to OpenBSD. Let's see.
