summaryrefslogtreecommitdiffstats
path: root/remote/modules
diff options
context:
space:
mode:
Diffstat (limited to 'remote/modules')
-rwxr-xr-xremote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm12
1 files changed, 10 insertions, 2 deletions
diff --git a/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm b/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
index e86a5067..4a6fc132 100755
--- a/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
+++ b/remote/modules/pam-bwidm/data/opt/openslx/scripts/pam_bwidm
@@ -1,7 +1,15 @@
#!/bin/ash
#
-# This script is to be called by PAM (specifically pam_exec).
-#
+# This script is to be called by PAM (specifically pam_exec).
+# We expect the username in the form: username@organisation
+# If it is in that form, we will query the masterserver for the list
+# of supported IdPs and if one matches the user's organisation
+# we will try to authenticate against it
+
+# check if we are allowed to run
+. /opt/openslx/config
+[ -z "${SLX_BWIDM_AUTH}" -a "x${SLX_BWIDM_AUTH}" != "xyes" ] && echo "bwIDM login disabled in openslx-config." && exit 1
+
# fix PATH as PAM clears it
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/sbin:/opt/openslx/bin"
if ! busybox which curl; then
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-03-06 22:59:31 +0100