Note that most PAM authentications on Unix must be executed with
superuser privilege (with the OWNER="root" option).
But you can avoid running your PAM-DeleGate server with superuser privilege by
installing the external program "dgpam" under DGROOT/subin/.
The default port number of the experimental PAM/HTTP server is 8686.
Other ports can be specified, for example,
as AUTHORIZER="-pam//hostX..8765/passwd".
The PAM/HTTP protocol uses HTTP-compatible request/response
messages in the following format.

  Request:
    GET /-/pam/service/auth HTTP/1.0
    Authorization: Basic BASE64of(User:Pass)

  Response (one of the following):
    HTTP/1.0 200 OK, authorized
    HTTP/1.0 401 Not authorized
    HTTP/1.0 403 Forbidden to use the PAM server

The base of the request URL "/-/pam/" can be replaced with an arbitrary path.
The whole request URL can be replaced by PAMCONF="url:/path".
The content of the response message is ignored in the current specification,
but in the future it could convey authentication-related data or
capability information.
Following this format, you can easily develop your own PAM server,
instead of PAM-DeleGate, using your own HTTP server with CGI or similar.
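
As an added example (not DeleGate's own code), the request handling of such a
home-grown PAM/HTTP server could look like this, failing closed to 401 on anything it
cannot parse. The function names, the in-memory user table and the allowed-client set
are assumptions standing in for a real PAM call and a real access policy.

```python
import base64, binascii, hmac, re

BASE = "/-/pam/"                               # default base of the request URL
ALLOWED_CLIENTS = {"127.0.0.1"}                # assumption: hosts allowed to use the server
DEMO_USERS = {("passwd", "alice"): "s3cret"}   # constructed sample data, not real PAM
OK = "HTTP/1.0 200 OK, authorized"
DENIED = "HTTP/1.0 401 Not authorized"
FORBIDDEN = "HTTP/1.0 403 Forbidden to use the PAM server"

def check_password(service, user, password):
    """Hypothetical verifier; a real server would call PAM for `service` here."""
    expected = DEMO_USERS.get((service, user))
    # Always run the constant-time comparison, even for unknown users.
    same = hmac.compare_digest((expected or "\0").encode(), password.encode())
    return expected is not None and same

def handle(request: bytes, client_ip: str) -> str:
    """Return the PAM/HTTP status line for one raw request from client_ip."""
    if client_ip not in ALLOWED_CLIENTS:
        return FORBIDDEN
    lines = request.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET" or not parts[1].startswith(BASE):
        return DENIED
    # Expect exactly "<service>/auth"; reject "..", empty or odd service names.
    segs = parts[1][len(BASE):].split("/")
    if len(segs) != 2 or segs[1] != "auth":
        return DENIED
    if not re.fullmatch(r"[A-Za-z0-9_-]+", segs[0]):
        return DENIED
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return DENIED
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return DENIED
    user, sep, password = decoded.partition(":")
    if sep and user and check_password(segs[0], user, password):
        return OK
    return DENIED
```

Because Basic credentials are only Base64-encoded, a server like this should be
reachable only over loopback or a protected channel.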