Testing PAM modules and PAM-aware applications in the Matrix

Jakub Hrozek and I are proud to announce the first release of pam_wrapper. This tool allows you to either simplify testing PAM modules or your application using PAM to authenticate users. PAM (Pluggable Authentication Modules) is a layer of abstraction on top of Unix authentication.

For testing PAM-aware applications we have written a simple PAM module called pam_matrix. If you plan to test a PAM module you can use the pamtest library we have implemented. It simplifies testing of modules. You can combine it with the cmocka unit testing framework or you can use the provided Python bindings to write tests for your module in Python.

Jakub and I have written an article for LWN.net to provide more details how to use it. You can find it here.

Now start testing your PAM module or application!

Automatic testing of PAM modules

Last week at the SambaXP conference I had a discussion with Günther Deschner about the testing of PAM modules. What we want to do is automatic testing. To achieve this in the Samba build farm you need a separate “pam.d” config directory for testing. You should be able to change the config and mess it up without getting locked out.

I’ve introduced a new function to PAM called pam_start_test() which takes and additional argument where you can specify the config directory. After this I’ve changed the call in pamtester and added a commandline option for the config directory. To do automatic testing I’ve added another commandline option to specify the password to use for authentication.

gladiac@maximegalon:~> pamtester -v -C/tmp/pam.d -Psecret login csync authenticate
pamtester: invoking pam_start(login, csync, ...)
pamtester: performing operation - authenticate
pamtester: successfully authenticated

You can find the patches here.

csync and pam_csync 0.42.0 beta1

I’ve released a new version of csync and pam_csync. csync is a bidirectional file synchronizer for Linux and allows to keep two copies of files and directories in sync. It uses uses widly adopted protocols like smb or sftp so that there is no need for a server component of csync. It is a user-level program which means there is no need to be a superuser. With pam_csync it is possible to create roaming home directories.

This version fixes several bugs to increase the stability of the file synchronizer. It provides a new plugin to synchronize two replicas with the sftp protocol. To get the csync sftp plugin working you need libssh 0.2 with the following two patches:

Map permission fields
Errno mapping

The libssh package in the network:synchronization:files project in the build service has these two patches. The csync version of the BS project provides a csync-plugin-sftp package.

Packages for Fedora 9, openSUSE and SUSE Linux Enterprise 10 can be downloaded here.

More information at http://www.csync.org/.