SURF research access management's PAM web login functionality enables federated authentication for users via a command line interface connecting to a server supporting PAM (commonly supported, e.g. by the Open SSH server and iRODS server), by logging in on a web page in addition to or instead of the usual authentication process.
- Download the latest release of PAM web login https://github.com/SURFscz/pam-weblogin/releases
- Install PAM web login and configure PAM, PAM web login and the application offering the CLI (e.g., sshd), according to the readme https://github.com/SURFscz/pam-weblogin#readme
At the application page, enable PAM web login and create a token
- Enter the generated token into the PAM web login configuration on the server
To test it, login using the attribute specified in /etc/pam-weblogin.conf.