Menu
I am looking for a PAM module that can use OpenID to do the authentication. My idea is that I want to logon my Linux box using my gmail account and password. I found there is a open source project in Google Code which seems to be doing the things I want but I don't see any code available for download.
I saw there are so many examples or implementations but they are all about web apps. Is there any non-web based OpenID applications in the world? Is it technically possible to make a non-web based OpenID application? I naively think that it should be possible. I can emulate whatever packets the browser send out to the OpenID provider and get back the result. As long as my Linux box is connected to the Internet, I should be able to use my OpenID to login.
Appreciate any comments, suggestions or pointers on how to make an OpenID PAM module.
Thanks!
761
This PAM module typically is located in the /usr/lib/security directory and its parameters are listed in the /etc/pam. conf file. In Linux, the /etc/pam. conf file can be replaced with a directory called /etc/pam.
Linux-PAM separates the tasks of authentication into four independent management groups: account modules check that the specified account is a valid authentication target under current conditions. This may include conditions like account expiration, time of day, and that the user has access to the requested service.
auth — These modules are used to authenticate the user by, for example, asking for and checking a password. It can also set credentials, such as group membership or Kerberos tickets.
I may misundertood the request, but Google (for exemple) provide a way to allow Client side and installed application to authenticate throught Google's API using OpenAUTH 2.0 standards.
As you can see in Using OAuth 2.0 for Installed Applications or even more in Using OAuth 2.0 for Devices.
Yes you're still needed to use browser interaction etc, but, python as well as ASP.NET are able to handle web request and for the Linux part, Gnome too through the WebKitGTK+ tools.
It may be a lead for your research.
Oh and by the way, about WebServices and OpenID etc, the pam module could be write in Python (for WebServer part) and be integrated to Gnome 3.2 easily (Also Python to modificate Gnome-Keyring API), AND in ASP.NET for the windows side.
But once again, I'm not a specialist of this question, just far interested by. ;-)
126
It's not the issue of the provider trusting the relying party.
The problem is in that the user has to trust it.
There are, however, three other issues:
43
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
