DESCRIPTION="pam_dotfile is a module for pam to allow password-storing in \$HOME /dotfiles" HOMEPAGE="http://www.stud.uni-hamburg.de/users/lennart/projects/pam_dotfile/" <snip> #%PAM-1.0 auth sufficient pam_unix_auth.so auth sufficient pam_dotfile.so use_first_pass no_warn auth required pam_deny.so </snip> As user waldo: <snip> [waldo@wonderi] ~$ pam-dotfile-gen -a imap Password:quux Please repeat; password:quux Password added. </snip> That's it. User waldo may now access his IMAP mail store either by using his unix password or by using quux. Reproducible: Always Steps to Reproduce: did not test pam_dotfile might have security-holes
Created attachment 11661 [details] ebuild for pam_dotfile
I just found a small bug (not a security-bug), so wait for an updated version. (the problem lies in: pipe(p) <snip> close(0) close(1) close(2) dup2(p[0],0) if filedescriptor 0 or 1 or 2 was not opened when calling pipe p[0] is 0/1/2 which will be closed before doing dup2) ==== when
Created attachment 12895 [details] updated dotfile I finally found the time to update to the new version. Personally I even think many programs like exim and postgresql should depend on this package if compiled with pam-support, as they are not capable of using the existing pam installation. IMO this module is the best way to use pam for other things than logins!
wow there are other modules that do this already. pam_userdb comes to mind, which sounds a lot better than this.
Contrary to pam_userdb pam_dotfile does not use a central database. All passwords are stored in the users-home directory! In the example given, the file ~waldo/.pam-imap would be created and contains the encrypted password. For me this has some interesting properties: If I delete a User, i don"t have to remember to change de db used by userdb. If I want some passwords to be the same, I can hardlink those files to be one file. In addition the module does not depend on anything. I hope I will find the time to update the ebuild to version 0.6 next week.
Created attachment 16323 [details] 0.6 version of pam_dotfile
Created attachment 16722 [details] version 0.7 of pam_dotfile Is there a reason (except for Donny Davies prefering another tool) for not including this into portage?
No Christian Loitsch, only a time matter, where there are hundreds of user-submitted ebuilds and not enough developers to handle them all in a quick manner. But thank you for your submission Christian Loitsch.
Which category did you want this to appear in?
I would put it into syslibs.
I think it fits better in app-admin if you dont mind, not in the same category with glibc. Also, pam-dotfile-helper is landing in /usr/sbin, are you sure that's where you want it? Anyways, I've added it. Let me know if it's all ok and we'll remove the ~arch masking. Ciao.