-rw-r--r--doc/guide.html4
-rw-r--r--doc/guide.tex4
-rw-r--r--src/ejabberd_auth_pam.erl17
3 files changed, 23 insertions, 2 deletions
diff --git a/doc/guide.html b/doc/guide.html
index 0c1973d70..0e1294080 100644
--- a/doc/guide.html
+++ b/doc/guide.html
@@ -1100,6 +1100,10 @@ PAM authentication is disabled by default, so you have to configure and compile
<B><TT>{pam_service, Name}</TT></B></DT><DD CLASS="dd-description">This option defines the PAM service name.
Default is <TT>"ejabberd"</TT>. Refer to the PAM documentation of your operation system
for more information.
+</DD><DT CLASS="dt-description"><B><TT>{pam_userinfotype, username|jid}</TT></B></DT><DD CLASS="dd-description">
+This option defines what type of information about the user ejabberd
+provides to the PAM service: only the username, or the user JID.
+Default is <TT>username</TT>.
</DD></DL><P>Example:
</P><PRE CLASS="verbatim">{auth_method, [pam]}.
{pam_service, "ejabberd"}.
diff --git a/doc/guide.tex b/doc/guide.tex
index bef001c32..44e8a3af8 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -1298,6 +1298,10 @@ Options:
\titem{\{pam\_service, Name\}}\ind{options!pam\_service}This option defines the PAM service name.
Default is \term{"ejabberd"}. Refer to the PAM documentation of your operation system
for more information.
+\titem{\{pam\_userinfotype, username|jid\}}\ind{options!pam\_userinfotype}
+This option defines what type of information about the user ejabberd
+provides to the PAM service: only the username, or the user JID.
+Default is \term{username}.
\end{description}
Example:
diff --git a/src/ejabberd_auth_pam.erl b/src/ejabberd_auth_pam.erl
index aff0a226b..b99c7cbd3 100644
--- a/src/ejabberd_auth_pam.erl
+++ b/src/ejabberd_auth_pam.erl
@@ -60,7 +60,11 @@ check_password(User, Server, Password, _Digest, _DigestGen) ->
check_password(User, Host, Password) ->
Service = get_pam_service(Host),
- case catch epam:authenticate(Service, User, Password) of
+ UserInfo = case get_pam_userinfotype(Host) of
+ username -> User;
+ jid -> User++"@"++Host
+ end,
+ case catch epam:authenticate(Service, UserInfo, Password) of
true -> true;
_ -> false
end.
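Review bot: The new `case get_pam_userinfotype(Host) of` in check_password/3 is evaluated before the `catch` and has clauses only for `username` and `jid`, so any other configured value (a typo, or the string "jid" instead of the atom) raises case_clause in the caller instead of yielding the `false` that every other failure here produces. The same block is repeated in the is_user_exists/2 hunk, and get_pam_userinfotype/1 passes the option through unchecked (`Type -> Type`). I would put the selection in one helper shared by both callers and make an unknown value deny the request, with a log entry naming the bad option. Falling back to `username` would instead present PAM with a different identity than the administrator configured. The sketch below shows check_password/3; is_user_exists/2 would use the same helper around `epam:acct_mgmt/2`.
```erlang
check_password(User, Host, Password) ->
    Service = get_pam_service(Host),
    case pam_userinfo(User, Host) of
        {ok, UserInfo} ->
            (catch epam:authenticate(Service, UserInfo, Password)) =:= true;
        error ->
            false
    end.

%% Builds the identity handed to PAM; 'error' for an unrecognised pam_userinfotype.
pam_userinfo(User, Host) ->
    case get_pam_userinfotype(Host) of
        username -> {ok, User};
        jid -> {ok, User ++ "@" ++ Host};
        _ -> error
    end.
```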
@@ -84,7 +88,11 @@ get_password_s(_User, _Server) ->
%% TODO: Improve this function to return an error instead of 'false' when connection to PAM failed
is_user_exists(User, Host) ->
Service = get_pam_service(Host),
- case catch epam:acct_mgmt(Service, User) of
+ UserInfo = case get_pam_userinfotype(Host) of
+ username -> User;
+ jid -> User++"@"++Host
+ end,
+ case catch epam:acct_mgmt(Service, UserInfo) of
true -> true;
_ -> false
end.
@@ -106,3 +114,8 @@ get_pam_service(Host) ->
undefined -> "ejabberd";
Service -> Service
end.
+get_pam_userinfotype(Host) ->
+ case ejabberd_config:get_local_option({pam_userinfotype, Host}) of
+ undefined -> username;
+ Type -> Type
+ end.
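Review bot: get_pam_userinfotype/1 is added without a comment stating which values its callers depend on, although check_password/3 and is_user_exists/2 match on exactly `username` and `jid`. I would add above it `%% Expected values: username | jid (per Host); username when pam_userinfotype is not configured.` It is also worth noting there that with `jid` the name handed to PAM is `User++"@"++Host`, so the accounts known to the PAM service must carry the domain part. The first lines of this hunk are the tail of get_pam_service/1, whose body starts outside the hunk.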