pam_gromox

Name

pam_gromox — a PAM plugin to authenticate with Gromox

Description

This module forwards authentication requests to the Gromox service plugins which themselves may pick MySQL or LDAP as a backend. pam_gromox is meant to be used in conjunction with non-Gromox SMTP/IMAP/etc. server processes that may be logically located before Gromox services and serving as accelerators.

Incantation in /etc/pam.d/smtp

Gromox accounts are not mapped from or to any Unix accounts, so the pam_unix.so module that is present in the default /etc/pam.d/smtp module list within Linux distributions is not suitable and can be wholly replaced. In otherwords, /etc/pam.d/smtp need just contain:

auth required pam_gromox.so
account required pam_permit.so

(pam_gromox does not provide a usable “account” handler, therefore “account required pam_gromox.so” would do nothing. The PAM framework always starts out with an initial deny policy, so at least one module needs to be called to make the PAM request succeed. For this reason, if there are no other “account” modules listed, pam_permit.so should be used.)

Configuration directives in /etc/gromox/pam.cfg

config_file_path
Colon-separated list of directories in which further configuration files, especially those used by plugin instances, will be searched.
Default: /etc/gromox/pam:/etc/gromox
pam_prompt
If pam_gromox detects the absence of a password but presence of a PAM conversation function, it will attempt to retrieve the password that way, and in doing so, will show this label just ahead of the nonechoing password prompt.
Default: Password:
service_plugin_ignore_errors
If set to yes, service plugins that fail to load on startup are ignored. If set to no, the daemon will exit if any plugin cannot be loaded.
Default: no
service_plugin_list
Path to a text file which lists the filenames of service plugins to load, one per line.
Default: (unspecified)
service_plugin_path
Path to a secondary directory where service plugins will be loaded from if a primary search in standard directories (as per ld.so(8)) was unsuccessful.
Default: /usr/lib/gromox

See also

gromox(7)