
pam_nw_auth  - PAM Netware Bindery Authentication module.
version 1.0.0

Original concept and code by      Brian Hammond    (hammond@cba.uga.edu)
Enhancements                      John Taylor      (john@www.cviog.uga.edu)


John's notes:

I tested this on Redhat 4.2 and Novell 3.12.  I tested these authentication
modules : login, ftp, imap, and samba.  I also tested login with the
"stacked" modules -- attempting to authenticate first against unix
name/password and then against the netware authentication.


Brian's notes:

Here are a few notes about this module:
	- To get this package to install, you must have downloaded and 
	  compiled NCPFS.  Then just edit the makefile to point to where 
	  it is...

	- change the appropriate line in your /etc/pam.d/(service), eg:
		chfn auth required /lib/security/pam_unix_auth.so
	  to
		chfn auth required /lib/security/pam_nw_auth.so server_name
	  where server is the novell server to authenticate to. 

	- You can list multiple netware server to authenticate against like:
	  auth required /lib/security/pam_nw_auth.so server_name1 server_name2

	- if you want to allow folks to authenticate via /etc/password _OR_
	  netware, put a line like in /etc/pam.conf:
		chfn auth sufficient /lib/security/pam_unix_auth.so
	  before the line with the pam_nw_auth module.  This way if someone
	  can authenticate against the password file, they don't have to
	  jump through the novell hoop...

	- for right now, this only works for netware with bindery or bindery
	  emulation turned on.  NDS support will be added when the ncpfs guys
	  get it working... ;^)

	- this module is a total code ripoff!  All of the pam stuff was taken
	  from Alexander O. Yuriev (pam_unix_auth.c) and the ncpfs stuff from 
	  Volker Lendecke (nwpasswd.c).  The file support.c is straight from
	  the pam distribution...
         
When you have compiled it, copy the pam_nw_auth.so to /lib/security and
alter the /etc/pam.conf or /etc/pam.d/module_name to reflect your changes. 
Once you have done this, the module will be active and ready to go!


					- Brian Hammond
					  bhammond@cba.uga.edu


P.S.:  chfn is probably not what you want to use netware authentication for, 
       but it makes a good test case...  ;^)
