我有一个perl脚本,从外部进程获取用户名和密码,然后使用Vintela进行用户身份验证 . 一切都很有效,直到有人强迫Vintela冲洗它的缓存 . 刷新缓存后,Authen :: PAM模块返回代码10,这意味着它找不到用户名 .
如果我在shell中运行“id $ username”命令然后运行脚本,那么该用户的一切都恢复正常 . 或者如果用户SSH进入系统,那么Authen :: PAM可以很好地工作 .
在 生产环境 服务器上,用户不要SSH进入服务器,因此在Vintela刷新后,用户无法再登录 . 在我对它们进行身份验证之前,我不想为每个用户运行“id”命令 . 有没有办法可以强制脚本或PAM模块查找用户然后验证它们?
脚本 -
BEGIN {
unshift(@INC, "..", "/usr/local/staf/bin", "/usr/local/staf/lib", "C:/STAF/Bin");
}
use strict;
use PLSTAF;
require Authen::PAM;
my $GlobalUserName = <STDIN>;
my $GlobalPasswd = <STDIN>;
my $result = -1;
$GlobalPasswd = STAF::RemovePrivacyDelimiters($GlobalPasswd);
my $pamHandle = Authen::PAM->new("login", $GlobalUserName, \&conversionFunction);
$result = $pamHandle->pam_authenticate();
# force the destructor execution for PAM
$pamHandle = 0;
# When $result is 0 then user has been authenticated
if ($result == 0) {
print $result;
exit $result;
}
else {
exit $result;
}
sub conversionFunction {
my @response = ();
# PAM constants
my $pamEchoOn = Authen::PAM->PAM_PROMPT_ECHO_ON();
my $pamEchoOff = Authen::PAM->PAM_PROMPT_ECHO_OFF();
my $pamSuccess = Authen::PAM->PAM_SUCCESS();
while ( @_ ) {
my $code = shift;
my $msg = shift;
my $answer = "";
if ($code == $pamEchoOn) {
$answer = $GlobalUserName;
}
if ($code == $pamEchoOff) {
$answer = $GlobalPasswd;
}
# response is always in pairs, response code and the actual answer
push(@response, $pamSuccess, $answer);
}
push(@response, $pamSuccess);
return @response;
}