The are three ways to define custom authentication types:
You can write a PAM module implementing the new authentication
type. Then, specifying Auth-Type = PAM
allows to apply
it (see section PAM Authentication Type).
Alternatively, you may write a Scheme procedure implementing the new
authentication type. To apply it, use Scheme-Procedure
attribute
in RHS. The Auth-Type = Accept
can be used in LHS if
the whole authentication burden is to be passed to the Scheme procedure.
For example, if one wrote a procedure my-auth
, to apply it to
all users, one will place the following profile in his `users'
file:
DEFAULT Auth-Type = Accept Scheme-Procedure = "my-auth"
For a discussion of how to write Scheme authentication procedures, See section Authentication with Scheme.
The third way to implemement your own authentication method is using an external program. This is less effective than the methods described above, but may be necessary sometimes. To invoke the program, use the following statement in the RHS of `users' entry:
Exec-Program-Wait = "progname args"
The progname must be the full path to the program, args --- any arguments it needs. The usual substitutions may be used in args to pass any request attributes to the program (see section Macro Substitution).
For a detailed description of Exec-Program-Wait
attribute and
an example of its use, See section Exec-Program-Wait.
Go to the first, previous, next, last section, table of contents.