Handbook:Advanced Server Configuration:PAM Authentication

HylaFAX has supported PAM authentication since version 4.2.0. To use PAM authentication, HylaFAX must have been compiled with PAM support. PAM support is automaticaly turned on by configure if it can find the PAM libraries. If you are unsure if hfaxd supports PAM, you can run the following command:

ldd /usr/sbin/hfaxd

If a line similar to

libpam.so.0 => /lib/libpam.so.0 (0xb7f02000)

is in the library listing, PAM support has been compiled in. If not, you will have to recompile HylaFAX with PAM support.

The RedHat/Fedora HylaFAX packages distributed on HylaFAX.org are compiled with PAM support. All you need to do to use it is to create a file named /etc/pam.d/hylafax with settings for auth and account. A sample file looks like this:

#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

The HylaFAX package distributed by Debian is already compiled with PAM support. In order to use it with the default PAM configuration, the file /etc/pam.d/hylafax must be created with the following content:

@include common-auth
@include common-account
@include common-session

Once PAM has been configured, all connections to hfaxd will require a valid local user and password. Localhost connections are not exempted from this and HylaFAX utils (sendfax, faxstat, ...) run on the local machine will also require the password of the current user.