linux密碼登錄時加入本身登錄驗證模塊(pam)

摘自:http://blog.chinaunix.net/uid-31542012-id-5790273.htmlhtml

操做系統環境:RHEL7.1session

一、編譯動態庫pam_mylogin.soapp

二、將該動態庫拷貝至/lib64/security/ssh

三、如需修改本機的登錄方式,請按以下紅框方式修改/etc/pma.d/login 文件:ide

 

 四、如需修改ssh的登錄方式,請按以下紅框方式修改/etc/pma.d/sshd 文件:ui

  

4.修改/etc/pma.d/lightdm文件增長以下紅色內容:

#%PAM-1.0
auth    requisite       pam_mylogin.so
auth    requisite       pam_nologin.so
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin

spa

五、編寫文件:pam_mylogin.c操作系統

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>
int myloginVerify(pam_handle_t *pamh)
{
    int retval;
    char* pPw;
    char * p = "Password===========:";
    retval = pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&pPw,"%s",p);
    printf(">>>>>>>>>pPw=%s\n",pPw);
    if (retval != PAM_SUCCESS) {
        printf("pam_prompt failed!\n");
        return 0;
    }
    char pw[7]="asdfgh";
    printf(">>>>>>>>>pw=%s\n",pw);
    int i = 0;
    for(i=0;i<6;i++)
    {
        printf("%d>>>pw[%d]=%c pPw[%d]=%c\n",i,i,pw[i],i,pPw[i]);
        if(pw[i]!=pPw[i])
        {
            return 0;
        }
        return 1;
    }
}
int Verify(pam_handle_t *pamh)
{
    if(!myloginVerify(pamh))
        return PAM_CONV_ERR;
    return PAM_SUCCESS;
}
// Authentication API's
PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) {
    printf("pam_sm_setcred>>>>>>>\n");
    return PAM_SUCCESS;
}
PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) {
    printf("pam_sm_authenticate>>>>>>>>\n");
    int retval;
    const char* pUsername;
    retval = pam_get_user(pamh, &pUsername, NULL);

    printf("begin call hotdoorpam %s\n", pUsername);
    if (retval != PAM_SUCCESS) {
        printf("pam_get_user failed\n");
        return retval;
    }
    if(!strcasecmp("root",pUsername))
    {
        printf("root user!\n");
    }
    else
    {
        printf("normal user!\n");
    }

    return Verify(pamh);
}
/* Account Management API's */
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
    printf("pam_sm_acct_mgmt>>>>>>>>\n");
    return PAM_SUCCESS;
}

/* Session Management API's */
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,int argc, const char **argv){
    printf("pam_sm_open_session>>>>>>>>\n");
    return PAM_SUCCESS;
}
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags,int argc, const char **argv){
    printf("pam_sm_close_session>>>>>>>>\n");
    return PAM_SUCCESS;
}
/* Password Management API's */
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,int argc, const char **argv){
    printf("pam_sm_chauthtok>>>>>>>>\n");
    return PAM_SUCCESS;
}

六、編寫Makefile.net

SOURCE = pam_mylogin.c
all:
    gcc $(SOURCE) -fPIC -shared -o pam_mylogin.so
clean:
    rm -f pam_mylogin.so pam_mylogin.o
copy:
    cp -f pam_mylogin.so  /lib64/security/

 七、驗證:Ctrl + Alt + F2unix

相關文章
相關標籤/搜索