#Tag
Advice needed: I want to set up #Linux Kiosk PCs. Users must log in with a card ID and password that are verified via a PHP webservice against a MariaDB.
The challenge: I need the Linux desktop login (e.g., via a Display Manager like LightDM/GDM) to authenticate against the custom remote service.
How can I implement this? Custom PAM module? Python-pam? Scripts?馃
#PAM #linuxhelp #KioskMode
#Authentication #webservice
#PHP #Sysadmin #Python #foss #OpenSource
Just released: #swad 0.12 馃
swad is the "Simple Web Authentication Daemon". It basically offers adding form + #cookie #authentication to your reverse proxy (designed for and tested with #nginx "auth_request"). I created it mainly to defend against #malicious_bots, so among other credential checker modules for "real" logins, it offers a proof-of-work mechanism for guest logins doing the same #crypto #challenge known from #Anubis.
swad is written in pure #C with minimal dependencies ( #zlib, #OpenSSL or compatible, and optionally #PAM), and designed to work on any #POSIX system. It compiles to a small binary (200 - 300 kiB depending on compiler and target platform).
This release brings (among a few bugfixes) improvements to make swad fit for "heavy load" scenarios: There's a new option to balance the load across multiple service worker threads, so all cores can be fully utilized if necessary, and it now keeps lots of transient objects in pools for reuse, which helps to avoid memory fragmentation and ultimately results in lower overall memory consumption.
Read more about it, download the .tar.xz, build and install it .... here:
Just released: #swad 0.5
swad is the "Simple Web Authentication Daemon", meant to add authentication using a #cookie and a #login form to your reverse proxy. It's designed for #nginx' "auth_request" module. It's written in pure #C with very few external dependencies (zlib, and depending on build options OpenSSL/LibreSSL and #PAM).
And with this release, it also allows guest logins using the crypto puzzle you may already know from #Anubis!
Read more in the release notes, grab the .tar.xz and build/install it 馃槑
Oh boy, I discovered two quite problematic bugs after releasing #swad 0.3:
* The #PAM checker could cause swad to deadlock under unlikely, but possible circumstances: Creating another PAM checker instance when the PAM helper process already died (or couldn't be started at all)
* The file checker had a bug of the stupid kind, it failed to authenticate users that don't have a "real name" set in the password file because it didn't correctly strip the newline following the hash in this case. 馃檲
Fixed them both now!
I think I'll do something you normally should never do: Re-roll the existing #release. It's IMHO kind of acceptable because this is still an incomplete 0.x version AND there are (as far as I know) no packagers yet.
Just released: #swad v0.3!
https://github.com/Zirias/swad/releases/tag/v0.3
swad is the "Simple Web Authentication Daemon", your tiny, efficient and (almost) dependency-free solution to add #cookie + login #form #authentication to whatever your #reverse #proxy offers. It's written in pure #C, portable across #POSIX platforms. It's designed with #nginx' 'auth_request' in mind, example configurations are included.
This release brings a file-based credential checker in addition to the already existing one using #PAM. Also lots of improvements, see details in the release notes.
I finally added complete build instructions to the README.md:
https://github.com/Zirias/swad
And there's more documentation available: manpages as well as a fully commented example configuration file.
A space for Bonfire maintainers and contributors to communicate
