PAM Authentication for Kannel

Though kannel already has some pam functionality included, it’s far from optimal imho.

As it is now, to use pam authentication you have to:

1. Configure with –enable-pam and compile.
2. Create an smsbox-user called “pam” with a dummy password.
3. Create a pam configuration file called “kannel” on /etc/pam.d/, with your pam settings.
4. Kannel will then use only pam for authentication, so you could use LDAP, Radius or whatever supported authentication modules you have configured on the box.


* Other smsbox-user‘s are disabled, only the “pam” user is allowed to authenticate.
* All users would get logged as “pam”, so you cannot make settings per users of any kind.
* Only one pam group is allowed.

After applying the patch, pam authentication gets managed with a special group sendsms-pam-user, which shares most of sendsms-user parameters, except for username and password, and adds the acl parameter instead.

group = sendsms-pam-user
acl = kannel
<other sendsms-user parameters>

* You can define as many groups as needed, pointing to different pam configuration files.
* The acl parameter points to the pam module on /etc/pam.d/ (“kannel” in this case, but could be anything you want).
* Pam authentication is only attempted after trying the regular sendsms-user way, so you can have local users and pam users at the same time (local taking precedence).
* Each sendsms-pam-user group will be logged separately, and you’ll also get info about the pam user making the call.

To use the patch:

1. Download the patch here and apply it.
2. Run ./
3. Run ./configure –enable-pam
4. make and make install as usual.

As usual, please try it and let me know what you think.


Comments (1)

MirandaNovember 1st, 2010 at 9:10 am

Hello, Alejandro.

Do you have kannel-pam-patch for 1.5.0 version of kannel?

Leave a comment

Your comment