GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → CyberDem0n → pam-oauth2

CyberDem0n / pam-oauth2

Licence: MIT license
OAuth2 pam module

Programming Languages

c
50402 projects - #5 most used programming language
Makefile
30231 projects

Labels

oauth2pam

Projects that are alternatives of or similar to pam-oauth2

pam-exec-oauth2
Allows Linux user authentication to OAuth2 via pam_exec
Stars: ✭ 73 (-38.14%)
Mutual labels:  pam
Howdy
🛡️ Windows Hello™ style facial authentication for Linux
Stars: ✭ 3,237 (+2643.22%)
Mutual labels:  pam
Teleport
Certificate authority and access plane for SSH, Kubernetes, web apps, databases and desktops
Stars: ✭ 10,602 (+8884.75%)
Mutual labels:  pam
pam panic
A PAM module that protects sensitive data and provides a panic function for emergency situations. Authentication through passwords or removable media.
Stars: ✭ 35 (-70.34%)
Mutual labels:  pam
fingerprint-gui
Use fingerprint readers with a Linux desktop environment
Stars: ✭ 47 (-60.17%)
Mutual labels:  pam
bottle-ssl
A simple web page using BottlePy and SSL
Stars: ✭ 47 (-60.17%)
Mutual labels:  pam
webdav-server-rs
webdav server in rust
Stars: ✭ 65 (-44.92%)
Mutual labels:  pam
privx-on-aws
PrivX - Just-in-time Access Management
Stars: ✭ 18 (-84.75%)
Mutual labels:  pam
pam e4crypt
PAM module for unlocking transparently encrypted directories on ext4
Stars: ✭ 18 (-84.75%)
Mutual labels:  pam
pam pwnd
A PAM module to test passwords against previous leaks at haveibeenpwned.com
Stars: ✭ 33 (-72.03%)
Mutual labels:  pam
hola
Windows Hello™ style facial authentication for Linux written in Rust
Stars: ✭ 54 (-54.24%)
Mutual labels:  pam
pam
Safe Rust API to the Linux Pluggable Authentication Modules (PAM)
Stars: ✭ 60 (-49.15%)
Mutual labels:  pam
clarion
WebAuthn (U2F) helper for CLI operations (e.g. SSH Log in)
Stars: ✭ 78 (-33.9%)
Mutual labels:  pam
pam hook
Pam based webhook authentication for Kubernetes
Stars: ✭ 76 (-35.59%)
Mutual labels:  pam
python-pam
Python pam module supporting py3 (py2 support still exists but is deprecated)
Stars: ✭ 96 (-18.64%)
Mutual labels:  pam

OAuth2 PAM module

This PAM module enables login with OAuth2 token instead of password.

How to install it:

$ sudo apt-get install libcurl4-openssl-dev libpam-dev
$ git submodule init
$ git submodule update
$ make
$ sudo make install

Configuration

auth sufficient pam_oauth2.so <tokeninfo url> <login field> key1=value2 key2=value2
account sufficient pam_oauth2.so

How it works

Lets assume that configuration is looking like:

auth sufficient pam_oauth2.so https://foo.org/oauth2/tokeninfo?access_token= uid grp=tester

And somebody is trying to login with login=foo and token=bar.

pam_oauth2 module will make http request https://foo.org/oauth2/tokeninfo?access\_token=bar (tokeninfo url is simply concatenated with token) and check response code and content.

If the response code is not 200 - authentication will fail. After that it will check response content:

{
  "access_token": "bar",
  "expires_in": 3598,
  "grp": "tester",
  "scope": [
    "uid"
  ],
  "token_type": "Bearer",
  "uid": "foo"
}

It will check that response is a valid JSON object and top-level object contains following key-value pairs:

  "uid": "foo",
  "grp": "tester"

If some keys haven't been found or values don't match with expectation - authentication will fail.

Issues and Contributing

Oauth2 PAM module welcomes questions via our issues tracker. We also greatly appreciate fixes, feature requests, and updates; before submitting a pull request, please visit our contributor guidelines.

License

This project uses the MIT license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].