How do I use LDAP authentication with Dante?

First, make sure Dante is compiled with PAM support. The configure script enables it automatically when the PAM development headers and libraries are present; under Red Hat Linux that means installing the pam-devel RPM.

You also need LDAP support in your PAM installation, if it is not already there. Check for /lib/security/pam_ldap.so (or the equivalent path on your system); if it is missing, install pam_ldap from http://www.padl.com/.

pam_ldap reads its configuration from /etc/ldap.conf. Set host to your LDAP server and base to your base DN. You can also set pam_filter to restrict logins to entries of a particular object class, and pam_groupdn (together with pam_member_attribute) to restrict them to members of a particular group. The bind pam_ldap performs carries the user's password, so unless the LDAP server is reached over a trusted network, also enable TLS with ssl start_tls.
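A complete /etc/ldap.conf matching the description above, as an added example rather than a file from the Dante distribution. The hostname, the base DN, the group DN and the CA certificate path are placeholders; the option names (host, base, ldap_version, ssl, tls_checkpeer, tls_cacertfile, pam_login_attribute, pam_filter, pam_groupdn, pam_member_attribute) are pam_ldap's own.

```conf
# /etc/ldap.conf -- pam_ldap settings used by the "sockd" PAM service.
# Added example; server name, DNs and certificate path are placeholders.

# LDAP server(s) to contact; several may be listed, separated by spaces.
host ldap.example.com

# Search base under which user entries are looked up.
base dc=example,dc=com

# Speak LDAPv3 and protect the bind (which carries the user's password)
# with StartTLS, verifying the server certificate against our CA.
ldap_version 3
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem

# Attribute holding the login name the SOCKS client presents.
pam_login_attribute uid

# Only entries matching this filter may authenticate at all; pam_ldap
# ANDs it with (uid=<login>), giving (&(uid=alice)(objectclass=posixAccount)).
pam_filter objectclass=posixAccount

# Additionally require membership of this group; pam_ldap enforces this
# in the account phase, not at password check time.
pam_groupdn cn=socks-users,ou=Groups,dc=example,dc=com
# Attribute of the group entry that lists member DNs (groupOfUniqueNames).
pam_member_attribute uniqueMember
```

With this file in place a user whose password is correct but who is outside cn=socks-users passes the auth phase and is refused in the account phase, which is why the /etc/pam.d/sockd stack below must include the account lines, not just auth.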

Point sockd at PAM by creating /etc/pam.d/sockd (sockd is Dante's default PAM service name). An example of this file's contents is:

  #%PAM-1.0
  # Try LDAP first; if it accepts the password, the local check below is skipped.
  auth       sufficient /lib/security/pam_ldap.so
  # Otherwise fall back to the local password database, reusing the password
  # already collected instead of prompting again.
  auth       required   /lib/security/pam_unix_auth.so try_first_pass
  # Account checks: pam_ldap enforces pam_filter/pam_groupdn here.
  account    sufficient /lib/security/pam_ldap.so
  account    required   /lib/security/pam_unix_acct.so
  # sockd never changes passwords, so this stack is present but unused.
  password   required   /lib/security/pam_ldap.so

Because pam_ldap is marked sufficient, a successful LDAP result ends the stack there, while an LDAP failure is ignored and the local password database is consulted instead. A user who also has a local account can therefore still get in when LDAP rejects them or when they fail the pam_groupdn check; change sufficient to required if LDAP is to be the only authority. On a current Linux-PAM the functions of pam_unix_auth.so and pam_unix_acct.so are provided by pam_unix.so. Before touching sockd, exercise the new service with a PAM test tool such as pamtester (pamtester sockd <user> authenticate acct_mgmt), which runs the same auth and account phases sockd will.

Note also that the SOCKS username/password exchange (RFC 1929) by which the client hands its credentials to sockd is not encrypted, so the LDAP password crosses the client-side network in the clear; keep that leg on a trusted network or inside a tunnel.

Finally, configure sockd.conf to restrict access to clients that pass PAM. This is accomplished with the following (the pass and block blocks are socks-rules; clientmethod applies to the separate client-rules, written as client pass { ... }, which are not shown):

  # allowable authentication methods for socks-rules, in order of preference.
  # values are username, none, rfc931 and pam.  Listing "none" lets clients
  # that offer no authentication complete the SOCKS negotiation; they are then
  # rejected by the socks-rules below, which only pass "pam".  List only "pam"
  # to refuse them at negotiation time instead.
  method: pam none
  
  # allowable authentication methods for client-rules.
  # values are username, none, rfc931 and pam
  clientmethod: pam none
  
  # Socks rules, control what authenticated clients may do
  #
  ## everyone who authenticates via pam is allowed to use tcp
  ## and udp to any destination
  pass {
         from: 0.0.0.0/0 to: 0.0.0.0/0
         protocol: tcp udp
         log: connect disconnect error
         method: pam
  }
  
  # last line, block everyone else.  This is the default but if you
  # provide one yourself you can specify your own logging/actions
  block {
         from: 0.0.0.0/0 to: 0.0.0.0/0
         log: connect error
  }

Thanks to: Sean Burford <sean.burford@adelaide.edu.au>.
