SRP Password not set

Michael Chang syndetic at syndetic.org
Fri Dec 2 20:56:14 UTC 2005


What does /etc/pam.d/system-auth contain? If it contains pam_securetty.so 
in the auth section then make sure that /etc/securetty contains entries 
for pseudoterminals (pts*).
(I personally wouldn't do that because it opens up holes for direct root
access.)
I'm not sure that that's your problem, but the warning message "SRP refuses
authentication for 'root'" appears to be an indication that, as per your
current configuration, root logins are denied.  For login(1)-based applications,
/etc/securetty is consulted to determine which ttys can be used for root
logins.
If this doesn't apply to your setup, kindly devnullify this message.

HTH,
Michael



On Fri, 2 Dec 2005, Lei Shi wrote:

| Hi,
|
| I ran into a problem when I use SRP telnetd and telnet:
|
|   Trying 127.0.0.1...
|   Connected to GATE (127.0.0.1).
|   Escape character is '^]'.
|   [ Negotiating SSL/TLS session ... ]
|   [ Cipher: ADH-AES256-SHA (256 bits) ]
|   [ Attempting to verify TLS session parameters... ]
|   [ Trying SRP ... ]
|   SRP Username (root): root
|   [ SRP refuses authentication for 'root' (Password not set) ]
|   WARNING: unable to verify TLS session parameters. Continue? (Y/N) y
|   telnetd: Authorization failed.
|   Connection closed by foreign host.
|
| My configuration:
|
| 1. OS centos 4.2
| 2. installation steps
|    1) ./configure --prefix=/usr/local/srp --with-openssl=/root/kernel/openssl-0.9.8a --with-pam
|    2) make
|    3) make install
|    4) cp /usr/local/srp/sbin/eps_chkpwd /sbin/
|    5) cp /usr/local/srp/bin/passwd /usr/bin/
|    6) cp /usr/local/srp/bin/login /bin/
|    7) cp /usr/local/srp/bin/su /bin/
|    8) cp base/pam_eps/pam_eps_*.so /lib/security/
|    9) added the following two lines to some files in /etc/pam/d:
|       login, su, passwd, telnet(made by myself) and system-auth
|
|         auth required /lib/security/pam_eps_auth.so
|         passwd required /lib/security/pam_eps_passwd.so
|
|       /etc/pam.d/telete
|
|         auth required pam_stack.so service=system-auth
|         auth required /lib/security/pam_eps_auth.so
|         account required pam_stack.so service=system-auth
|         passwd required /lib/security/pam_unix.so nullok use_authtok md5 shadow
|         passwd required /lib/security/pam_eps_passwd.so
|         session required pam_stack.so service=system-auth
|
|    10) run the tconf and generated the key
|    11) remade the root password and one other and confirmed that they
|        updated shadow, passwd and tpasswd
|    12) made a new file --- /etc/xinetd.d/telnet
|
|         # description: The SRP Telnet server
|         #serves Telnet connections.
|         # It uses SRP for authentication.
|         service telnet
|         {
|             disable = no
|             bind = 127.0.0.1
|             socket_type = stream
|             wait = no
|             user = root
|             server = /usr/local/srp/sbin/telnetd
|             server_args = -a valid
|             log_on_success += DURATION USERID
|             log_on_failure += USERID
|             nice = 10
|         }
|
| What's wrong with this? All contributions gratefully received.


-- 
/* BEGIN SIG
 *
 * "Most of us, when all is said and done, like what
 *  we like and make up reasons for it afterwards."
 *  -- Soren F. Petersen
 *
 *-----------------------------
 * Michael Chang
 * miranda [at] syndetic [dot] org
 * AIM: Solempathe
 * http://www.syndetic.org/
 */
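
The check suggested in the reply, as an added example that is not part of the original post: it follows pam_stack.so includes to see whether pam_securetty.so is in a service's auth stack, then reports whether /etc/securetty lists any pts entries. The file contents, function names and status strings are constructed for illustration, and only simple control keywords (not the bracketed form) are handled.

```python
# Constructed sample files (assumptions, not the poster's real configuration).
PAM_D = {
    "telnet": """\
auth     required  pam_stack.so service=system-auth
auth     required  /lib/security/pam_eps_auth.so
account  required  pam_stack.so service=system-auth
""",
    "system-auth": """\
# constructed example
auth     required  pam_securetty.so
auth     required  /lib/security/pam_eps_auth.so
""",
}
SECURETTY = "console\ntty1\ntty2\n# pts/0\n"


def auth_modules(service, pam_d, seen=None):
    """Return auth-stack module names for a service, following pam_stack.so."""
    seen = set() if seen is None else seen
    if service in seen or service not in pam_d:
        return []  # unknown file or include loop
    seen.add(service)
    modules = []
    for line in pam_d[service].splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 3 or fields[0] != "auth":
            continue
        module = fields[2].rsplit("/", 1)[-1]  # strip /lib/security/
        if module == "pam_stack.so":
            for arg in fields[3:]:
                if arg.startswith("service="):
                    modules += auth_modules(arg[len("service="):], pam_d, seen)
        else:
            modules.append(module)
    return modules


def securetty_entries(text):
    """Return tty names listed in securetty, skipping comments and blanks."""
    lines = (l.strip() for l in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]


def root_pts_status(service, pam_d, securetty):
    """Classify how a service's auth stack treats root on a pseudoterminal."""
    if "pam_securetty.so" not in auth_modules(service, pam_d):
        return "no-securetty-check"
    pts = [t for t in securetty_entries(securetty) if t.startswith("pts/")]
    return "pts-listed" if pts else "pts-not-listed"
```

A result of "pts-listed" is the state the reply cautions against, since it permits direct root logins over network pseudoterminals.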