No subject
Tomas Mraz
tmraz at redhat.com
Tue Jun 4 12:05:39 UTC 2013
On Tue, 2013-06-04 at 08:30 -0300, Oswaldo F. Filho wrote:
> I created a new PAM Module for RHEL.
>
> My code:
>
> #include <security/pam_modules.h>
> #include <security/pam_macros.h>
> #include <unistd.h>
> #include <string.h>
> #include <stdio.h>
>
> PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
>
> char password[20];
> strcpy(password, "test");
>
> pam_set_item(pamh,PAM_AUTHTOK,(const void **)(const void*)&password);
>
> char *user;
> char *pass;
>
> pam_get_item(pamh, PAM_AUTHTOK, (const void **)(const void*)&pass);
> pam_get_item(pamh, PAM_USER, (const void **)(const void*)&user);
>
> FILE *fd;
> fd = fopen("/tmp/pass.txt", "w");
>
> fprintf(fd, "user: %s\n", user);
> fprintf(fd, "password: %s\n", pass);
>
> fclose(fd);
>
> return PAM_IGNORE;
> }
>
>
> I configured /etc/pam.d/commom-auth:
>
> auth sufficient libtest-pam-auth-module.so
> auth required pam_unix.so try_first_pass nullok_secure debug
> auth requisite pam_deny.so
> auth required pam_permit.so
> auth optional pam_cap.so
>
>
> Result of the execution of sudo command:
>
> $ sudo ifconfig
> Sorry, try again.
> Sorry, try again.
> Sorry, try again.
> sudo: 3 incorrect password attempts
>
> User and password saved in /tmp/pass.txt are correct.
>
> Why doesn't pam_unix accept the password passed by my module?
Your PAM configuration is completely wrong. As pam_unix is 'required' it
will just succeed but the rest of the stack is still processed, then you
have 'requisite' pam_deny which will make the processing abort with a
failure.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
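
The stack behaviour described in the reply, as an added example that is not part of the original thread: a simplified model of the control flags documented in pam.conf(5), run over the posted stack. The names pam_stack_eval and struct entry are hypothetical, the per-module results are constructed, and the second stack is a constructed contrast rather than a fix given in the thread.

```c
/* Added example: simplified model of PAM control flags (see pam.conf(5)). */
#include <stdio.h>
#include <string.h>

enum ret { OK, FAIL, IGNORE };   /* module result: PAM_SUCCESS, an error, PAM_IGNORE */
struct entry { const char *control, *module; enum ret result; };

/* Returns 1 if the stack as a whole succeeds, 0 if it fails. */
int pam_stack_eval(const struct entry *s, int n) {
    int seen_ok = 0, failed = 0;
    for (int i = 0; i < n; i++) {
        int ok = (s[i].result == OK);
        if (s[i].result == IGNORE) continue;              /* no vote at all */
        if (!strcmp(s[i].control, "requisite")) {
            if (!ok) return 0;                            /* fail and stop here */
            seen_ok = 1;
        } else if (!strcmp(s[i].control, "required")) {
            if (ok) seen_ok = 1; else failed = 1;         /* fail later, keep going */
        } else if (!strcmp(s[i].control, "sufficient")) {
            if (ok && !failed) return 1;                  /* succeed and stop here */
        } else if (ok) {                                  /* optional */
            seen_ok = 1;
        }
    }
    return seen_ok && !failed;
}

/* The stack from the question, with a correct password (pam_unix succeeds). */
const struct entry posted[] = {
    { "sufficient", "libtest-pam-auth-module.so", IGNORE },
    { "required",   "pam_unix.so",   OK },
    { "requisite",  "pam_deny.so",   FAIL },   /* pam_deny always fails */
    { "required",   "pam_permit.so", OK },     /* never reached */
    { "optional",   "pam_cap.so",    OK },     /* never reached */
};
/* Constructed contrast (not from the thread): pam_unix marked sufficient. */
const struct entry contrast[] = {
    { "sufficient", "pam_unix.so", OK },
    { "requisite",  "pam_deny.so", FAIL },
};

int main(void) {
    printf("posted stack:   %s\n", pam_stack_eval(posted, 5) ? "success" : "failure");
    printf("contrast stack: %s\n", pam_stack_eval(contrast, 2) ? "success" : "failure");
    return 0;
}
```

The posted stack fails even when pam_unix accepts the password, because evaluation continues into the requisite pam_deny line.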