
pam_authuser version 0.1.1

Summary:
pam_authuser is a PAM module designed to help control access to a compute cluster.

Supported systems:
pam_authuser should work on any system that supports linux-pam.  If it does not, it is a bug!  It has only been tested on GNU/Linux at this point.

Build:
1. unpack the distribution
2. run GNU Make (make) in the distribution directory.

Install:
1. run make install (again with GNU Make) in the distribution directory.

Usage:
pam_authuser is intended to be included in one or more of your pam 
configuration files.  I use it in the /etc/pam.d/system-auth file to control 
access for anything that uses the system-auth configuration.  Obviously, it can be used just as any other account PAM module would be.

The authuser file:
One or more files containing lists of users that are allowed to log in may be listed in the configuration file.

Netgroups:
One or more netgroups containing users that are always allowed to log in may be listed in the configuration file.  I maintain a netgroup containing the set of system administrators for a particular machine.

Basic configuration (with the system-auth file):
My system-auth file looks like this:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
# allow the users listed in /etc/authuser or the users in the systaff netgroup 
# to log into this machine
account     sufficient    /lib/security/pam_authuser.so authuser=/etc/authuser netgroup=systaff
account     required      /lib/security/pam_deny.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow nis
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

Help:
pam_authuser was originally developed by Shawn Sustaita and James E. Prewett 
(download@hpc.unm.edu) at The Center for High Performance Computing at the 
University of New Mexico.

pam_authuser is currently being maintained by James E. Prewett (download@hpc.unm.edu).

Patches/feature requests:
All patches and feature requests should be sent to download@hpc.unm.edu.  I will gladly accept patches (that look OK) and will try to add useful features as time permits.
