PAM on AIX 5.3
Jacques Lebastard
jacques.lebastard at evidian.com
Wed Jun 7 12:32:00 UTC 2006

I know this might not be the right place to talk about PAM on AIX but
since I can't find any better mailing/newsgroup... If you know of a more
appropriate place...

I wrote a PAM module in charge of authenticating users to a specific
authentication server and retrieving a Unix login & pwd from single
sign-on data. Upon a successful authentication, the module retrieves
Unix login and pwd and uses pam_set_item to set PAM_USER and PAM_AUTHTOK
to the Unix values (always different from what the user provided): any
other PAM module configured with 'use_first_pass' should then use these
to perform any required authentication.

This PAM module works fine on Solaris (except for ftp, because of a
documented restriction in ftpd), HP-UX and Linux.

On AIX 5.3, the connection always fails with the following info in syslog:

auth|security:info syslog: pts/3: failed login attempt for UNKNOWN_USER from ...

I am currently trying this PAM module using telnet and the following entries
in /etc/pam.conf (my PAM module is am_pam.so):

telnet auth required /usr/lib/security/am_pam.so dump debug
telnet auth required /usr/lib/security/pam_aix use_first_pass debug
OTHER auth required /usr/lib/security/pam_prohibit debug
telnet account required /usr/lib/security/am_pam.so no_warn bypass dump
telnet account required /usr/lib/security/pam_aix debug
OTHER account required /usr/lib/security/pam_prohibit debug
telnet password required /usr/lib/security/pam_aix debug
OTHER password required /usr/lib/security/pam_prohibit debug
telnet session required /usr/lib/security/am_pam.so dump debug
telnet session required /usr/lib/security/pam_aix debug
OTHER session required /usr/lib/security/pam_prohibit debug

The following lines are sent to syslog:

:debug PAM: pam_start(telnet aixuser1)
:debug PAM: pam_set_item(1)
:debug PAM: pam_set_item(2)
:debug PAM: pam_set_item(5)
:debug PAM: pam_set_item(3)
:debug PAM: pam_set_item(4)
:debug PAM: pam_set_item(8)
:debug PAM: pam_authenticate()
:debug PAM: load_modules: /usr/lib/security/am_pam.so
:debug PAM: load_function: successful load of pam_sm_authenticate
:debug PAM: load_modules: /usr/lib/security/pam_aix
:debug PAM: load_function: successful load of pam_sm_authenticate
:debug PAM: AM-PAM : authentication OK.
:debug PAM: pam_set_item(2)
:debug PAM: pam_set_item(6)
:debug PAM: pam_set_item(6)
:debug PAM: pam_acct_mgmt()
:debug PAM: load_modules: /usr/lib/security/am_pam.so
:debug PAM: load_function: successful load of pam_sm_acct_mgmt
:debug PAM: load_modules: /usr/lib/security/pam_aix
:debug PAM: load_function: successful load of pam_sm_acct_mgmt
:debug PAM: pam_aix: acct_mgmt(telnet, pchuser1), flags = 0
:debug PAM: pam_setcred()
:debug PAM: load_modules: /usr/lib/security/am_pam.so
:debug PAM: load_function: successful load of pam_sm_setcred
:debug PAM: load_modules: /usr/lib/security/pam_aix
:debug PAM: load_function: successful load of pam_sm_setcred
:debug PAM: pam_open_session()
:debug PAM: load_modules: /usr/lib/security/am_pam.so
:debug PAM: load_function: successful load of pam_sm_open_session
:debug PAM: load_modules: /usr/lib/security/pam_aix
:debug PAM: load_function: successful load of pam_sm_open_session
:debug PAM: pam_end(): status = Success
:info syslog: pts/3: failed login attempt for UNKNOWN_USER from ...

Would someone have some similar PAM module? Can such PAM modules work on
AIX 5.3? Did I miss something in the configuration?

Help!...
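
Added example, not part of the original post and not the author's module: a small Python decoder for the syslog debug trace quoted above. It maps each pam_set_item(N) call to an item name within the PAM phase where it occurs and lists the user name each component reports. The item numbering is the one used by Linux-PAM and Solaris and is assumed to match AIX 5.3; decode_trace and the two regexes are hypothetical names.

```python
import re

# X/Open item numbers as in Linux-PAM and Solaris; ASSUMED identical on AIX 5.3.
PAM_ITEMS = {1: "PAM_SERVICE", 2: "PAM_USER", 3: "PAM_TTY", 4: "PAM_RHOST",
             5: "PAM_CONV", 6: "PAM_AUTHTOK", 7: "PAM_OLDAUTHTOK", 8: "PAM_RUSER"}

# Excerpt constructed from the debug lines quoted in the post (load_* lines dropped).
TRACE = """\
:debug PAM: pam_start(telnet aixuser1)
:debug PAM: pam_set_item(1)
:debug PAM: pam_set_item(2)
:debug PAM: pam_set_item(5)
:debug PAM: pam_set_item(3)
:debug PAM: pam_set_item(4)
:debug PAM: pam_set_item(8)
:debug PAM: pam_authenticate()
:debug PAM: AM-PAM : authentication OK.
:debug PAM: pam_set_item(2)
:debug PAM: pam_set_item(6)
:debug PAM: pam_set_item(6)
:debug PAM: pam_acct_mgmt()
:debug PAM: pam_aix: acct_mgmt(telnet, pchuser1), flags = 0
"""

CALL = re.compile(r"PAM: (pam_\w+)\((.*?)\)")            # framework entry points
MODULE = re.compile(r"PAM: (\w+): \w+\((\w+), (\w+)\)")  # module: fn(service, user)

def decode_trace(text):
    """Return (items, users): items set per phase, and user names as reported."""
    phase, items, users = None, [], []
    for line in text.splitlines():
        m = MODULE.search(line)
        if m:  # a module logging the service and user it was handed
            users.append((m.group(1), m.group(3)))
            continue
        m = CALL.search(line)
        if not m:
            continue
        name, arg = m.groups()
        if name == "pam_set_item":
            items.append((phase, PAM_ITEMS.get(int(arg), "item " + arg)))
            continue
        phase = name  # any other pam_*() call starts a new phase
        if name == "pam_start":
            users.append((name, arg.split()[-1]))
    return items, users

if __name__ == "__main__":
    print(*decode_trace(TRACE), sep="\n")
```

On this trace it reports PAM_USER and PAM_AUTHTOK being set during pam_authenticate, with pam_start logging aixuser1 and pam_aix logging pchuser1.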