<?php /** * eGroupWare API - Auth from PAM * * @link http://www.egroupware.org * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License * @package api * @subpackage authentication * @version $Id$ */ /** * Auth from PAM * * Requires PHP PAM extension: pecl install pam * * To read full name from password file PHP's posix extension is needed (sometimes in package php_process) */ class auth_pam implements auth_backend { /** * password authentication * * @param string $username username of account to authenticate * @param string $passwd corresponding password * @param string $passwd_type='text' 'text' for cleartext passwords (default) * @return boolean true if successful authenticated, false otherwise */ function authenticate($username, $passwd, $passwd_type='text') { if (pam_auth($username, get_magic_quotes_gpc() ? stripslashes($passwd) : $passwd)) { // for new accounts read full name from password file and pass it to EGroupware if (!$GLOBALS['egw']->accounts->name2id($username) && function_exists('posix_getpwnam') && ($data = posix_getpwnam($username))) { list($fullname) = explode(',',$data['gecos']); $parts = explode(' ',$fullname); if (count($parts) > 1) { $lastname = array_pop($parts); $firstname = implode(' ',$parts); $email = common::email_address($firstname, $lastname, $username); $GLOBALS['auto_create_acct'] = array( 'firstname' => $firstname, 'lastname' => $lastname, 'email' => $email, 'account_id' => $data['uid'], ); } } return True; } return False; } /** * changes password * * @param string $old_passwd must be cleartext or empty to not to be checked * @param string $new_passwd must be cleartext * @param int $account_id=0 account id of user whose passwd should be changed * @return boolean true if password successful changed, false otherwise */ function change_password($old_passwd, $new_passwd, $account_id=0) { // deny password changes. return False; } }