need help adding module dynamically to PAM

Hi,

I am having some trouble adding my own PAM module to a Red Hat Linux system 2.4.2-2.
I'm using the shipped binary code for the PAM library and then just made a simple PAM module
based on an existing module.

The basic problem is that after calling pam_authenticate from the sample app provided,
I am getting "Module is unknown" from pam_strerror().  I am NOT trying to statically
link this new module, but the documentation for writing a module isn't very clear
on what needs to be done for dynamically loaded modules.  I would prefer not to statically
link if possible.

Can someone help?

Thanks,

John

P.S. Here is some more information about my code setup.

Main application is the sample written by Shane Watts and Andrew G. Morgan
with a few minor modifications I made to exclude account management.

#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
#include <stdlib.h>

/* Conversation structure passed to pam_start(); misc_conv comes from libpam_misc. */
static struct pam_conv conv = {
    misc_conv,
    NULL
};

int main(int argc, char *argv[])
{
    pam_handle_t *pamh = NULL;
    int retval;
    const char *user = NULL;
    const char *errString;

    if (argc == 2) {
        user = argv[1];
    }

    if (argc > 2) {
        fprintf(stderr, "Usage: check_user [username]\n");
        exit(1);
    }

    /* "check_user" selects /etc/pam.d/check_user as the service file. */
    retval = pam_start("check_user", user, &conv, &pamh);

    if (retval == PAM_SUCCESS)
        retval = pam_authenticate(pamh, 0);    /* is user really user? */

#if 0
    if (retval == PAM_SUCCESS)
        retval = pam_acct_mgmt(pamh, 0);       /* permitted access? */
#endif

    /* This is where we have been authorized or not. */
    errString = pam_strerror(pamh, retval);

    fprintf(stdout, "%s\n", errString);
    if (retval == PAM_SUCCESS) {
        fprintf(stdout, "Authenticated\n");
    } else {
        fprintf(stdout, "Not Authenticated\n");
    }

    if (pam_end(pamh, retval) != PAM_SUCCESS) {     /* close Linux-PAM */
        pamh = NULL;
        fprintf(stderr, "check_user: failed to release authenticator\n");
        exit(1);
    }

    return (retval == PAM_SUCCESS ? 0 : 1);       /* indicate success */
}


I based the code for the PAM module on some code very
similar to pam_unix_auth.c, but originally from a BSD source.  This file only has
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
with very simplistic implementations (in fact the pam_sm_acct_mgmt() just returns
PAM_SUCCESS).

I made these changes to my system:
add file: /lib/security/pam_local.so
add file: /etc/pam.d/check_user

The contents of /etc/pam.d/check_user are:
#%PAM-1.0
#auth       required    /lib/security/pam_securetty.so
auth       required     /lib/security/pam_local.so
#auth       required    /lib/security/pam_stack.so service=system-auth
#auth       required    /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
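
The two things a dynamically loaded module has to satisfy, as an added example that is not part of the original post: the shared object must load, and it must export the pam_sm_* entry points for the management group it is configured under. The function names and SAMPLE (constructed from the check_user file above) are assumptions for illustration; the check loads each module with ctypes, which runs the module's initialisers, so point it only at modules you built yourself and run it unprivileged.

```python
import ctypes
import os
import re

# Entry points Linux-PAM resolves in a module, per management group.
ENTRY_POINTS = {
    "auth": ("pam_sm_authenticate", "pam_sm_setcred"),
    "account": ("pam_sm_acct_mgmt",),
    "password": ("pam_sm_chauthtok",),
    "session": ("pam_sm_open_session", "pam_sm_close_session"),
}
# Fields: type, control (keyword or [bracketed list]), module path; args ignored.
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
# Constructed sample, shortened from the service file in the post.
SAMPLE = """\
#%PAM-1.0
#auth       required    /lib/security/pam_securetty.so
auth       required     /lib/security/pam_local.so
account    required     /lib/security/pam_stack.so service=system-auth
"""

def parse_service(text):
    """Return (group, module_path) for each active line of a pam.d file."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = LINE.match(line)
        if m and m.group(1) in ENTRY_POINTS:
            rules.append((m.group(1), m.group(3)))
    return rules

def check_module(path, group):
    """Load the module and list the problems that would stop PAM using it."""
    try:
        # RTLD_NOW makes unresolved symbols fail at load time, not at first call.
        lib = ctypes.CDLL(path, mode=os.RTLD_NOW)
    except OSError as exc:
        return ["cannot load: %s" % exc]
    return ["missing symbol: " + s for s in ENTRY_POINTS[group] if not hasattr(lib, s)]

def check_service(text, module_dir="/lib/security"):
    report = {}
    for group, module in parse_service(text):
        path = module if os.path.isabs(module) else os.path.join(module_dir, module)
        report[(group, path)] = check_module(path, group)
    return report

if __name__ == "__main__":
    for (group, path), problems in check_service(SAMPLE).items():
        print(group, path, "; ".join(problems) or "OK")
```

In Linux-PAM, a module that fails to load, or that lacks the entry point being called, is reported as PAM_MODULE_UNKNOWN, which pam_strerror() renders as "Module is unknown".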