authorJonathan Bauer2016-04-20 14:31:03 +0200
committerJonathan Bauer2016-04-20 14:31:03 +0200
commitbf581a917457d9664a540b486ead39d39c23fb8a (patch)
tree4b20f621473b072495a5449fd05dff992e6603d9 /remote
parent[pam-bwidm] read the password right from the beginning (diff)
[pam-bwidm] cancel bwIDM login if SLX_BWIDM_AUTH is not set/not yes
Diffstat (limited to 'remote')
-rwxr-xr-xremote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm12
1 files changed, 10 insertions, 2 deletions
diff --git a/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm b/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
index e86a5067..4a6fc132 100755
--- a/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
+++ b/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
@@ -1,7 +1,15 @@
#!/bin/ash
#
-# This script is to be called by PAM (specifically pam_exec).
-#
+# This script is to be called by PAM (specifically pam_exec).
+# We expect the username in the form: username@organisation
+# If it is in that form, we will query the masterserver for the list
+# of supported IdPs and if one matches the user's organisation
+# we will try to authenticate against it
+
+# check if we are allowed to run
+. /opt/openslx/config
+[ -z "${SLX_BWIDM_AUTH}" -a "x${SLX_BWIDM_AUTH}" != "xyes" ] && echo "bwIDM login disabled in openslx-config." && exit 1
+
# fix PATH as PAM clears it
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"
if ! busybox which curl; then
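Review bot: The added guard `[ -z "${SLX_BWIDM_AUTH}" -a "x${SLX_BWIDM_AUTH}" != "xyes" ]` only fires when the variable is empty, because `-a` is a logical AND and any non-empty value makes `-z` false. A config with `SLX_BWIDM_AUTH=no` (or any other non-empty value) therefore passes the check and the script continues towards authentication, which contradicts the commit title. The single comparison already covers both unset and not-yes and fails closed: `[ "x${SLX_BWIDM_AUTH}" != "xyes" ] && echo "bwIDM login disabled in openslx-config." && exit 1`. The rest of the script lies outside this hunk, so whether a later check catches the case cannot be seen from here.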