Skip to content

gohourglass/pam-python-iam

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
lib/security
lib/security
 
 
usr
usr
 
 
README.md
README.md
 
 

Repository files navigation

pam-python-crowd

This is a mechanism for logging into a Linux computer using Amazon's IAM service.

Currently, if the user doesn't have a matching account in /etc/passwd, one will be created via potentially unsafe use of pam_exec.so.

NOTE: If the user doesn't yet exist locally, it will be created -- however, it will fail to auth until a second try at login. This is due to PAM not noticing when a user is created mid-authorization.

Requirements

  • pam_python (I used the version from the ubuntu repositories)
  • pam_exec (to run the script to add the user when they login the first time).
  • An AWS account with IAM properly set up.
  1. Copy usr/share/pam-configs/pam_config_python_iam into /usr/share/pam-configs
  2. Ensure your IAM is set up properly (Sign-in url, user with login profile, etc)
  3. Edit lib/security/pam_iam.py to set the AWS credentials. I recommend using a specific set of IAM creds for this
  4. Copy lib/security/pam_iam.py to /lib/security
  5. Install the python modules boto and pyquery.
  6. Copy usr/local/bin/mk-iam-user to /usr/local/bin
  7. Run pam-auth-update and enable "PAM_Python Module with pam_iam.py". Save the config.
  8. Try logging in using an IAM user's credentials

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

22 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages