[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Unsuccessfully trying to get PAM to work



Amadej Bukorovic wrote:
> 
> Hello,
> I am having a bit of trouble getting PAM to work on a Slackware (8.0)
> machine. I downloaded the latest PAM source (0.75) and
> compiled/installed it.
> Then I read trough the How-To that I found on www.kernel.org and I think
> I somewhat got the idea of PAM but I do have some trouble getting it
> to work or so it seems.
> 
> I'm not really interested yet to make the whole machine PAM dependant,
> that is I only want to use PAM for certain applications (mainly Apache
> and poppassd for now). After I installed it I made a /etc/pam.d
> directory and stored a text file named other inside:
> 
> > cat /etc/pam.d/other
> #
> # default pam configuration
> #
> auth    required        /lib/security/pam_warn.so
> auth    required        /lib/security/pam_deny.so
> account required        /lib/security/pam_warn.so
> account required        /lib/security/pam_deny.so
> password required       /lib/security/pam_warn.so
> password required       /lib/security/pam_deny.so
> session required        /lib/security/pam_deny.so
> session required        /lib/security/pam_warn.so
> 
> I don't have a /etc/pam.conf file as I'm not interested in running ftpd
> or login or any other "vital" daemon with PAM so I presume it is safe in
> my case
> not to have this config file? (feel free to correct me at any stage)
> 
> After that I decided to test PAM with the small programs that come with
> the distribution. I found a small application named blank
> (Linux-PAM-0.75/examples/blank.c)
> and ran it.
> 
> > /install/Linux-PAM-0.75/examples/blank
> ==> called pam_start()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> ==> called pam_putenv()
>   got: `Success'
> a test: c=[gamma], j=[mu]
> Who are you? root
> ==> called pam_authenticate()
>   got: `Authentication failure'
> ./blank: invalid request
> ==> called pam_end()
>   got: `Success'
> 
> As far as I understood from this, PAM started ok, and ended ok but the
> authentication failed.

This is because of the pam_deny.so modules. If you make a pam.d/blank
file and fill it with pam_permit.so entries, you will have more luck
with this test application.

> After looking at the logs this is the only message I found:
> 
> Apr 22 14:12:55 gumb PAM-warn[2281]: service: blank [on terminal:
> <unknown>]
> Apr 22 14:12:57 gumb PAM-warn[2281]: user: (uid=0) -> root [remote:
> ?nobody@?nowhere]
> 
> After that I decided to try poppassd (from Mr. Pawel Krawczyk,
> poppassd-ceti-1.8-1). Based on what I read in the How-To and some
> information I
> found on the WWW I created a config file for it in /etc/pam.d/passwd
> (not poppassd, since I noticed after looking at the source file of
> poppassd
> that it ran the function pam_start with the parameter passwd).
> 
> > cat /etc/pam.d/passwd
> password        required        /lib/security/pam_unix.so nullok md5

what is the output of the following two commands:

  ls -l poppassd

What about

  nm popassd | grep pam_

These may indicate whether poppassd is able to read the /etc/shadow
file, and if popassd is using any other pam_ calls (things you will need
to put in your /etc/pam.d/passwd file).

Cheers

Andrew





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []