1

我正在使用 openvpn,一个 PAM 感知应用程序。它有以下有用的文档:

For example:

  plugin openvpn-auth-pam.so "login login USERNAME password PASSWORD"

tells auth-pam to (a) use the "login" PAM module, (b) answer a
"login" query with the username given by the OpenVPN client, and
(c) answer a "password" query with the password given by the
OpenVPN client.  This provides flexibility in dealing with the different
types of query strings which different PAM modules might generate.
For example, suppose you were using a PAM module called
"test" which queried for "name" rather than "login":

现在我想在 /etc/pam.d 中创建一个 openvpn 配置,从 openvpn PAM 插件获取用户名/密码并将其传递给脚本。进入:

pam_exec.so

使用以下命令设置 PAM openvpn 配置:

auth required pam_exec.so myscript

并配置openvpn调用:

plugin openvpn-auth-pam.so "openvpn login USERNAME password PASSWORD"

一切似乎都是直截了当的。让我明白的部分是我用来将 openvpn 中定义的登录名/密码输出到脚本的语法。pam_exec.so 的文档似乎忽略了这个关键问题。

例如:

auth required pam_exec.so myscript %login %password

以上只是我的伪代码,它可能看起来如何,这个语法应该是什么样子?

4

1 回答 1

0

完整的答案发布在这里:

https://forums.openvpn.net/viewtopic.php?t=8310

在不完全复制该答案的情况下,其要点是 openvpn 的 server.config 中的配置需要是:

plugin /usr/local/openvpn/sbin/openvpn-auth-pam.so "openvpn"

与文档中提供的示例相反:

plugin openvpn-auth-pam.so "login login USERNAME password PASSWORD"
于 2011-06-17T05:56:23.307 回答