Zend_Auth Pam Adapter

For work I wrote a Zend_Auth plugin to allow a Zend Framework based web application to authenticate against any OS using PAM. This means that on Linux, you can use this plugin to verify if the user is a local user on the machine.

Requirements

Firstly, an OS that uses PAM is required. The PECL module pam needs to be installed on the machine (this can be done through PECL or on Debian based distros through APT). Also, you’ll probably need to give PHP read access to the /etc/shadow file. There are security issues with this, but I’m not going to go into them here.

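<?php

/**
 * Zend_Auth adapter that checks a username and password against the
 * local PAM stack using pam_auth() from the PECL pam extension.
 */
class My_Auth_Adapter_Pam implements Zend_Auth_Adapter_Interface {

    protected $_username;
    protected $_password;

    public function __construct($username, $password) {
        // Fail early if the PECL pam extension is not loaded.
        if(!function_exists('pam_auth')) {
            throw new Exception('pam_auth not installed');
        }

        $this->_username = $username;
        $this->_password = $password;
    }

    public function authenticate() {

        // pam_auth() returns true only if PAM accepts the credentials.
        $res = pam_auth($this->_username, $this->_password);
        if($res) {
            // On success the identity is the account's passwd entry.
            $zRes = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, posix_getpwnam($this->_username));
        } else {
            // On failure return only the supplied username, so a failed
            // login never carries the account's passwd entry with it.
            $zRes = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_username);
        }

        return $zRes;
    }
}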

Installation and Usage

Download the file below and extract it into the library directory within your application. Open your application.ini file and add the line:

autoloaderNamespaces[] = "My_"

under the [production] heading.

When you want to use it, create a new Authentication Adapter using the line:

$authAdapter = new My_Auth_Adapter_Pam($username, $password);

And then use it as you would a normal authentication adapter.
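
A login action built around the adapter, as an added example that is not part of the original post or of Zend Framework. The AuthController name, the username pattern and the choice to keep only name and uid in the session are assumptions made for illustration.

```php
<?php
// Added example: hypothetical login action for a Zend Framework 1 application.
class AuthController extends Zend_Controller_Action
{
    // Assumed policy: conservative POSIX-style login names only.
    const USERNAME_PATTERN = '/\A[a-z_][a-z0-9_-]{0,31}\z/';
    const GENERIC_ERROR    = 'Invalid username or password.';

    public function loginAction()
    {
        $request = $this->getRequest();
        if (!$request->isPost()) {
            return; // render the login form
        }

        $username = (string) $request->getPost('username', '');
        $password = (string) $request->getPost('password', '');

        // Reject malformed names before they reach pam_auth() or posix_getpwnam().
        if (!preg_match(self::USERNAME_PATTERN, $username) || $password === '') {
            $this->view->error = self::GENERIC_ERROR;
            return;
        }

        $auth   = Zend_Auth::getInstance();
        $result = $auth->authenticate(new My_Auth_Adapter_Pam($username, $password));

        // Zend_Auth::authenticate() has already stored the adapter's identity
        // (the full posix_getpwnam() array) in the session on success.
        $pw = $result->isValid() ? $result->getIdentity() : false;
        if (!is_array($pw)) {
            // One message for every failure, so the form does not reveal
            // which local accounts exist.
            $auth->clearIdentity();
            $this->view->error = self::GENERIC_ERROR;
            return;
        }

        // Issue a new session id after login to prevent session fixation.
        Zend_Session::regenerateId();

        // Keep only the fields the application needs, not the whole passwd entry.
        $auth->getStorage()->write(array('name' => $pw['name'], 'uid' => $pw['uid']));

        $this->_helper->redirector('index', 'index');
    }
}
```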

Any questions, comments, suggestions are welcome. I hope this proves to be useful.

Download Zend_Auth Pam Adapter
