[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Unsuccessfully trying to get PAM to work



Hello,
I am having a bit of trouble getting PAM to work on a Slackware (8.0)
machine. I downloaded the latest PAM source (0.75) and
compiled/installed it.
Then I read trough the How-To that I found on www.kernel.org and I think
I somewhat got the idea of PAM but I do have some trouble getting it
to work or so it seems.

I'm not really interested yet to make the whole machine PAM dependant,
that is I only want to use PAM for certain applications (mainly Apache
and poppassd for now). After I installed it I made a /etc/pam.d
directory and stored a text file named other inside:

> cat /etc/pam.d/other
#
# default pam configuration
#
auth    required        /lib/security/pam_warn.so
auth    required        /lib/security/pam_deny.so
account required        /lib/security/pam_warn.so
account required        /lib/security/pam_deny.so
password required       /lib/security/pam_warn.so
password required       /lib/security/pam_deny.so
session required        /lib/security/pam_deny.so
session required        /lib/security/pam_warn.so

I don't have a /etc/pam.conf file as I'm not interested in running ftpd
or login or any other "vital" daemon with PAM so I presume it is safe in
my case
not to have this config file? (feel free to correct me at any stage)

After that I decided to test PAM with the small programs that come with
the distribution. I found a small application named blank
(Linux-PAM-0.75/examples/blank.c)
and ran it.

> /install/Linux-PAM-0.75/examples/blank
==> called pam_start()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
==> called pam_putenv()
  got: `Success'
a test: c=[gamma], j=[mu]
Who are you? root
==> called pam_authenticate()
  got: `Authentication failure'
./blank: invalid request
==> called pam_end()
  got: `Success'

As far as I understood from this, PAM started ok, and ended ok but the
authentication failed.
After looking at the logs this is the only message I found:

Apr 22 14:12:55 gumb PAM-warn[2281]: service: blank [on terminal:
<unknown>]
Apr 22 14:12:57 gumb PAM-warn[2281]: user: (uid=0) -> root [remote:
?nobody@?nowhere]

After that I decided to try poppassd (from Mr. Pawel Krawczyk,
poppassd-ceti-1.8-1). Based on what I read in the How-To and some
information I
found on the WWW I created a config file for it in /etc/pam.d/passwd 
(not poppassd, since I noticed after looking at the source file of
poppassd
that it ran the function pam_start with the parameter passwd).

> cat /etc/pam.d/passwd
password        required        /lib/security/pam_unix.so nullok md5

Then I telneted to port 106 (connected to poppassd) and I noticed it
failed to work:

telnet localhost 106
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
200 poppassd v1.8.1 hello, who are you?
USER test
200 Your password please.
PASS hello2you2
500 Old password is incorrect.
Connection closed by foreign host.

The username seemed to go trough, but the password was declined even
though I am sure I have entered the correct password. I changed the
source code a bit in
hope to see where exactly the program failed and noticed that
when popassd sent the password of my user test to PAM with the function
pam_authenticate it didn't return 1 (for success) and naturally failed.

After looking at the main log file of my machine all I could find in
logs
was this:

Apr 22 14:05:21 gumb PAM-warn[2275]: service: passwd [on terminal:
<unknown>]
Apr 22 14:05:21 gumb PAM-warn[2275]: user: (uid=0) -> test [remote:
?nobody@?nowhere]

Pretty much the same warning I got when trying the example program
blank.

Could someone please share some light on what my problem could be? Did I
miss something, forgot to configure something perhaps?






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []