Contact: pamxacml-developer@lists.sourceforge.net
Authors: Andreas Klenk, Tobias Heide
Documentation: Tobias Heide
Supported by: Universität Tübingen and Technische Universität München
About this document
Installation
Configuration
Installation of SimplePDP
See it work...
Further steps
  Write your own policy
  Read the documentation of pam_xacml
  Read the source of pamxacml_test
  Contribute to pam_xacml
1.About this document
This document gives very short instructions on how to get pam_xacml running on a Linux system. If you need further assistance, please refer to the documentation of pam_xacml.
To get the full benefit of pam_xacml you will need to install a Policy Decision Point (PDP). Some are provided with pam_xacml; see section four for an example.
2.Installation
On a clean Debian or Ubuntu installation, you would issue the following command:
sudo apt-get install libpam0g-dev libssl-dev libldap2-dev bison flex libxml2 libxml2-dev pkg-config libtool g++ autoconf automake patch
Then download gSOAP:
wget -O gsoap_2.7.10.tar.gz "http://downloads.sourceforge.net/gsoap2/gsoap_2.7.10.tar.gz?modtime=1201451344&big_mirror=0"
Install gSOAP:
tar -xvzf gsoap_2.7.10.tar.gz
cd gsoap-2.7
./configure --prefix=/usr
make
sudo make install
cd ..
When gSOAP is installed, continue with the download of pam_xacml:
wget -O pamxacml-0.1-alpha.tbz "http://downloads.sourceforge.net/pamxacml/pamxacml-0.1-alpha.tbz?modtime=1219067417&big_mirror=0"
Afterwards, install pam_xacml:
tar -xvjf pamxacml-0.1-alpha.tbz
cd pamxacml-0.1-alpha
libtoolize
aclocal
autoheader
autoconf
automake -a -c --foreign
./configure --prefix=/usr
make
sudo make install
3.Configuration
Copy the file pamxacml_test from the dist/pam.d directory of the pam_xacml distribution to /etc/pam.d:
sudo cp dist/pam.d/pamxacml_test /etc/pam.d
sudo mkdir /etc/pamxacml
sudo cp dist/templates/* /etc/pamxacml
Afterwards, edit /etc/pam.d/pamxacml_test and comment out the very last line.
4.Installation of SimplePDP
Download JAXP_14_FCS from https://jaxp.dev.java.net/1.4/binaryDrops.html (sorry, no direct link because of licensing issues) and place it in the directory PDP/SimplePDP/lib within pam_xacml. Then fetch sunxacml and Xerces-J and move them into the same directory:
wget -O sunxacml-1.2.zip "http://downloads.sourceforge.net/sunxacml/sunxacml-1.2.zip?modtime=1089936000&big_mirror=0"
unzip sunxacml-1.2.zip
mv sunxacml-1.2/lib/* PDP/SimplePDP/lib/
wget http://www.apache.org/dist/xerces/j/Xerces-J-bin.2.9.1.tar.gz
tar -xvzf Xerces-J-bin.2.9.1.tar.gz
mv xerces-2_9_1/ PDP/SimplePDP/lib/
Now install Java:
sudo apt-get install sun-java6-jdk
Compile SimplePDP:
cd PDP/SimplePDP
./build.sh
If you get error messages, make sure you placed the libraries into the correct directories.
5.See it work...
Now it's time to see pam_xacml work. Open another console and start the provided PDP (called SimplePDP, located in PDP/SimplePDP within your pam_xacml distribution):
./execute.sh
You can now go back to your other console and change into the subdirectory tests/ of the distribution. Then call the program "pamxacml_test":
cd tests/
./pamxacml_test
The output of the program should look as follows:
theide@kubuntu-clean:~/pamxacml-0.1-alpha/tests$ ./pamxacml_test
Test 0
pamAuthorisationConversation: Authorization Succeeded!
You will find some debug information in your system logs. If you want to switch that off, just disable the debug flag in the PAM configuration of pamxacml_test.
6.Further steps
Write your own policy
The policy that SimplePDP uses as shipped with the distribution is located under PDP/SimplePDP/xacmlpolicy/obligationtest.xml. You can change the policy to any other file by editing the file called xacmlConfig.xml located in the SimplePDP directory. Write your own policies to get started with XACML.
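A starting point for such a policy, as an added example that is not part of the pam_xacml distribution: a default-deny XACML 1.0 policy (the version handled by the sunxacml-1.2 library installed above) that permits one user and attaches an obligation to the Permit decision. The policy, rule and obligation identifiers, the user name alice, and the assumption that the request built by pam_xacml carries the user name in the standard subject-id attribute are illustrative; check them against your request template.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example; all urn:example identifiers and the user "alice" are constructed. -->
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        PolicyId="urn:example:pamxacml:policy:login"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Description>Permit one named user, deny everything else.</Description>
  <!-- Policy target: applies to every request the PDP receives. -->
  <Target>
    <Subjects><AnySubject/></Subjects>
    <Resources><AnyResource/></Resources>
    <Actions><AnyAction/></Actions>
  </Target>
  <!-- Rule 1: Permit only if subject-id equals "alice".
       Assumption: the PAM user name is sent as subject-id. -->
  <Rule RuleId="urn:example:pamxacml:rule:permit-alice" Effect="Permit">
    <Target>
      <Subjects>
        <Subject>
          <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">alice</AttributeValue>
            <SubjectAttributeDesignator
                AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </SubjectMatch>
        </Subject>
      </Subjects>
      <Resources><AnyResource/></Resources>
      <Actions><AnyAction/></Actions>
    </Target>
  </Rule>
  <!-- Rule 2: no target of its own, so it inherits the policy target
       and catches every request that rule 1 did not match. -->
  <Rule RuleId="urn:example:pamxacml:rule:deny-all" Effect="Deny"/>
  <!-- Returned to the caller together with a Permit decision. -->
  <Obligations>
    <Obligation ObligationId="urn:example:pamxacml:obligation:log" FulfillOn="Permit">
      <AttributeAssignment AttributeId="urn:example:pamxacml:attribute:message"
                           DataType="http://www.w3.org/2001/XMLSchema#string">login permitted by policy</AttributeAssignment>
    </Obligation>
  </Obligations>
</Policy>
```

With the first-applicable combining algorithm, the final Deny rule makes every request that the Permit rule does not match end in an explicit Deny rather than NotApplicable.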
Read the documentation of pam_xacml
You will get a better understanding of how to configure pam_xacml for different scenarios. You will also learn which kinds of PDPs pam_xacml can address.
Have a look especially at the template request builder, which helps you provide XACML abilities to applications that know nothing about XACML (they still have to use PAM, though).
Adapt your applications to make use of pam_xacml
It is easy to use pam_xacml from within your application. Please note, though, that pam_xacml is currently in an early alpha state and not suitable for production systems. For more information about how to integrate PAM and pam_xacml within your application, refer to the PAM developer documents and to the pam_xacml developer handbook.
Read the source of pamxacml_test
It will give you a glimpse of how to write your own applications that benefit from using pam_xacml.
Contribute to pam_xacml
Help us make pam_xacml better by providing bug reports or contributions to the source code.