Module Hub Beta

pam-auth

Linux Pluggable Authentication Module (PAM) for Redis

Overview:

This module replaces the original Redis AUTH command with an alternative implementation that uses the Linux PAM facility to authenticate users.

This module should be used as a proof of concept only. It provides an extreme example of how modules can extend Redis beyond the standard Redis Module API.

Quick start guide:

  1. Build a Redis server with support for modules.
  2. Create a REDIS_SRC_DIR environment variable that points to your Redis source code: export REDIS_SRC_DIR=<dir>.
  3. Build the password module: make
  4. To load the module, start Redis with the --loadmodule /path/to/module.so option, add it as a directive to the configuration file, or send a MODULE LOAD command.

What it does:

This module does not create new commands; it only modifies the way AUTH works.

Once loaded, AUTH expects users to provide both username and password in the format <user>:<password>. The credentials are validated against PAM as an authentication request for the redis service.

The requirepass setting is ignored as long as the module remains loaded in Redis.
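
The following is an added example, not the module's own code: one way to split the <user>:<password> argument before handing it to PAM. The helper names, the length limits and the choice to split at the first colon are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_USER 64    /* assumed limits, not taken from the module */
#define MAX_PASS 256

/* Return codes for split_auth_arg() (hypothetical helper). */
enum { AUTH_OK = 0, AUTH_NO_SEP = -1, AUTH_EMPTY = -2,
       AUTH_TOO_LONG = -3, AUTH_EMBEDDED_NUL = -4 };

/* Split a binary-safe AUTH argument of the form <user>:<password>.
 * arg/len come from the client and may contain any byte, including NUL.
 * The split is at the FIRST ':' so the password itself may contain colons.
 * On success user and pass are NUL-terminated C strings, which is what
 * pam_start() and a PAM conversation callback work with. */
int split_auth_arg(const char *arg, size_t len,
                   char user[MAX_USER + 1], char pass[MAX_PASS + 1])
{
    /* A NUL inside the argument would silently truncate the C string
     * handed to PAM, so the checked value and the sent value would differ. */
    if (memchr(arg, '\0', len) != NULL)
        return AUTH_EMBEDDED_NUL;

    const char *sep = memchr(arg, ':', len);
    if (sep == NULL)
        return AUTH_NO_SEP;

    size_t ulen = (size_t)(sep - arg);
    size_t plen = len - ulen - 1;
    if (ulen == 0 || plen == 0)
        return AUTH_EMPTY;
    if (ulen > MAX_USER || plen > MAX_PASS)
        return AUTH_TOO_LONG;

    memcpy(user, arg, ulen);
    user[ulen] = '\0';
    memcpy(pass, sep + 1, plen);
    pass[plen] = '\0';
    return AUTH_OK;
}

/* Overwrite the password copy once PAM has returned; the volatile pointer
 * keeps the compiler from optimising the stores away. */
void wipe(char *buf, size_t n)
{
    volatile char *p = buf;
    while (n--)
        *p++ = 0;
}
```

Any non-zero return should be answered with the same generic authentication failure, so a client cannot tell a malformed argument from a wrong password.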

Why use PAM:

There are several benefits to using PAM:

  • Rely on OS user authentication, using the same credentials used for OS access.
  • Advanced OS authentication configuration such as Active Directory/LDAP membership.
  • Additional security features are “for free”, like failed login throttling, granular restrictions based on source IP address, etc.
© 2017 Redis Labs, Inc. All rights reserved.