PAM Authentication for Kannel
Though kannel already has some pam functionality included, it’s far from optimal imho.
As it is now, to use pam authentication you have to:
1. Configure with –enable-pam and compile.
2. Create an smsbox-user called “pam” with a dummy password.
3. Create a pam configuration file called “kannel” on /etc/pam.d/, with your pam settings.
4. Kannel will then use only pam for authentication, so you could use LDAP, Radius or whatever supported authentication modules you have configured on the box.
* Other smsbox-user‘s are disabled, only the “pam” user is allowed to authenticate.
* All users would get logged as “pam”, so you cannot make settings per users of any kind.
* Only one pam group is allowed.
After applying the patch, pam authentication gets managed with a special group sendsms-pam-user, which shares most of sendsms-user parameters, except for username and password, and adds the acl parameter instead.
group = sendsms-pam-user
acl = kannel
<other sendsms-user parameters>
* You can define as many groups as needed, pointing to different pam configuration files.
* The acl parameter points to the pam module on /etc/pam.d/ (“kannel” in this case, but could be anything you want).
* Pam authentication is only attempted after trying the regular sendsms-user way, so you can have local users and pam users at the same time (local taking precedence).
* Each sendsms-pam-user group will be logged separately, and you’ll also get info about the pam user making the call.
To use the patch:
1. Download the patch here and apply it.
2. Run ./bootstrap.sh
3. Run ./configure –enable-pam
4. make and make install as usual.
As usual, please try it and let me know what you think.