Quick question about stack...

Thorsten Kukuk kukuk at suse.de
Mon Aug 3 17:13:24 UTC 2009


On Mon, Aug 03, Jason Gerfen wrote:

> Thorsten Kukuk wrote:
> > On Mon, Aug 03, Jason Gerfen wrote:
> > 
> >> I have a quick question regarding the pam stack.
> >>
> >> The reason I am asking is I am receiving errors and am unable to figure
> >> out which module is logging the 'UNKNOWN' user message. I used to think
> >> it was the pam_unix module but it seems I am wrong.
> >>
> >> Here is a quick snippit of the log (/var/log/auth.log)
> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check
> >> pass; user unknown
> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth):
> >> authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
     ^^^^^^^^^^^^^^^^^^^^^^^


> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: searching
> >> 'ou=campus,dc=search,dc=domain,dc=com' for 'testuser'...
> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: found
> >> 'testuser' in 'ad', proceeding to resolve to uid/gid pair...
> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: authentication
> >> succeeds for 'testuser' (testuser at UTAH.EDU)
> >> Aug  3 12:08:54 Gentoo-x86 login[20736]: FAILED LOGIN (1) on 'tty1' FOR
> >> `UNKNOWN', User not known to the underlying authentication module
> >>
> >> Not sure what module is sending that last line to the logs. Any help is
> >> appreciated.
> > 
> > The login application itself, as result of the pam_unix failure.
> > 
> >   Thorsten
> > 
> So at least one module is not returning the PAM_SUCCESS flag?

If a module reports an authentication error, it will of course
not return the PAM_SUCCESS flag.

  Thorsten

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)




More information about the Pam-list mailing list