using pam_sm_auth
leonel06013 at cfg.jovenclub.cu
Thu Oct 6 16:12:04 UTC 2011
This is the function I have redefined to get the user and password from the user in
the Gnome Windows login:
#define PAM_SM_AUTH
#include <security/pam_modules.h>
#include <security/pam_appl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>
#include <syslog.h>

PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char ** argv)
{
    const char * userName = NULL; // var to get the user name
    char * userPasswd;            // var to get the user password
    // other vars
    int pam_err, retry;

    // getting the user's name, this works fine
    if (pam_get_user(pamh, &userName, NULL) != PAM_SUCCESS)
    {
        syslog(LOG_ERR, "cannot determine user name");
        return PAM_USER_UNKNOWN;
    }

    if ( pam_get_item(pamh, PAM_AUTHTOK, (const void **)&userPasswd) != PAM_SUCCESS)
    {
        syslog(LOG_ERR, "Error al extra el pass del usuario");
        return PAM_SYSTEM_ERR;
    }

    return PAM_SUCCESS;
}
This is the main instruction of my function, the part where I get the user name and
the password. Getting the user name works fine, but I can't obtain his password.
This is a service module for PAM, not for an app.
I need to obtain all this data when the user logs in on Gnome. Having this data, I
authenticate those values against my database and then I set new credentials with
pam_set_item, but this last part doesn't matter because the first part doesn't work
yet.
If I call the pam_get_authtok() function everything works OK, I get the password fine,
but I have to enter the password twice, once for the function pam_get_authtok() and
once more for the system I guess; the same thing happened when I used the conversation
function.
So my problems now are two: first, how can I get the user password without using
pam_get_authtok or the conversation function? And second, if I have to use one of
those, how can I avoid the second authentication in the Gnome login window?
Please, if someone knows about this, I need help.
> On Thu, 2011-10-06 at 00:16 -0400, leonel06013 at cfg.jovenclub.cu wrote:
>> Hi:
>>
>> I'm creating a pam_sm_authenticate module for the gnome login windows, in this I
>> need the userName and the password, I need to validate this information against a
>> database, I have already obtained the username, and use pam_get_item(pamh,
>> PAM_AUTHTOK, (const void **) pass); to obtain the pass, where pass is a (char *),
>> everything works fine, but when the user logs on, the variable pass is NULL, and I
>> can not get the pass that the user put in the gnome login windows.
>>
>> How can I get the password of a user using pam_get_item, using the item_type
>> (PAM_AUTHTOK)? Can somebody give an example?
>
> If the module is supposed to be used only with Linux-PAM you can use
> pam_get_authtok() extension function from it to get the password.
> Otherwise you have to copy the code that calls conversation functions to
> obtain the password.
> --
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
> Turkish proverb
>
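Added example, not part of the original post and not Linux-PAM code: a self-contained C model of the stack discussed above, showing why reading PAM_AUTHTOK on its own yields NULL and why a later module asks for the password a second time unless it reuses the cached token. The model_* functions, later_module and run_stack are hypothetical stand-ins rather than PAM calls, and the model assumes the second prompt comes from a later module in the same stack.

```c
/* Added illustration: a model of a PAM auth stack, NOT the Linux-PAM API. */
/* Every name below is a hypothetical stand-in; the password is constructed. */
#include <stddef.h>
#include <string.h>

struct model_handle {
    const char *authtok; /* stands in for PAM_AUTHTOK; NULL until a module stores it */
    int prompts;         /* how many times the user was asked for a password */
};

/* Stands in for the application's conversation function (the login window). */
static const char *model_conv(struct model_handle *h)
{
    h->prompts++;
    return "constructed-password";
}

/* Mirrors pam_get_item(PAM_AUTHTOK): reads the item, never prompts. */
static const char *model_get_item(const struct model_handle *h)
{
    return h->authtok;
}

/* Mirrors pam_get_authtok(): reuse the cached token, else prompt and cache it. */
static const char *model_get_authtok(struct model_handle *h)
{
    if (h->authtok == NULL)
        h->authtok = model_conv(h);
    return h->authtok;
}

/* A later module: reuses the cached token only when told to (assumption). */
static int later_module(struct model_handle *h, int try_first_pass)
{
    const char *pw = try_first_pass ? model_get_item(h) : NULL;
    if (pw == NULL)
        pw = model_conv(h); /* this is the second password prompt */
    return strcmp(pw, "constructed-password") == 0;
}

/* Custom module first, later module second; returns total prompts or -1. */
int run_stack(int use_get_authtok, int try_first_pass)
{
    struct model_handle h = { NULL, 0 };
    const char *pw = use_get_authtok ? model_get_authtok(&h) : model_get_item(&h);
    if (pw == NULL)
        return -1; /* item read before any module stored a token */
    return later_module(&h, try_first_pass) ? h.prompts : -1;
}
```

In a real stack the reuse path is selected by options on the later module; pam_unix documents try_first_pass and use_first_pass for this.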