Is it possible to use custom script for authentication with PAM?

ssh ruby ruby-on-rails sftp pam

pam_exec can validate passwords using an external program.


You could write your own PAM module if you want. But the other solution is probably better. Check out a sample PAM module here: http://www.freebsd.org/doc/en/articles/pam/pam-sample-module.html


If this rails info is in a mysql dbase you can configure pam_mysql. There are pam modules for just about everything.

Here's one for ftp that I have with mysql:

session    optional     pam_keyinit.so    force revoke
auth       required pam_listfile.so   item=user sense=allow file=/etc/vsftpd/ftpusers onerr=fail
auth       sufficient   pam_mysql.so      user=virt_admin passwd=PASS host=localhost db=DBNAME table=TABLENAME usercolumn=USERNAMECOL passwdcolumn=PASSCOL crypt=3
auth       required pam_shells.so
auth       include  system-auth
account    sufficient   pam_mysql.so       user=virt_admin passwd=PASS host=localhost db=DBNAME table=TABLENAME usercolumn=USERNAMECOL passwdcolumn=PASSCOL crypt=3
account    include  system-auth
session    include  system-auth
session    required     pam_loginuid.so

You could also run a script that periodically dumps the username:passwords into a file and use the pam_pwdfile. There are a slew of choices.

http://www.kernel.org/pub/linux/libs/pam/modules.html

Related

How to physically secure a public terminal? [closed]
Backup security: Why same keys to backup and restore?
Multicast in Rackspace cloud
Managed Switch Question?
How to mount a drive on startup in Ubuntu?
How GZipped contents are transfered on the web?
WebDav rename fails on an Apache mod_dav install behind NginX
Moving Server to new Hardware - SBS 2008
Bought a 1U server, now can't find rails
Which free RDBMS is best for small in-house development? [closed]
Exporting a VM running as a Domain Controller
Difference between RPM (yum) and apt-get