Amadej Bukorovic wrote: > > Hello, > I am having a bit of trouble getting PAM to work on a Slackware (8.0) > machine. I downloaded the latest PAM source (0.75) and > compiled/installed it. > Then I read trough the How-To that I found on www.kernel.org and I think > I somewhat got the idea of PAM but I do have some trouble getting it > to work or so it seems. > > I'm not really interested yet to make the whole machine PAM dependant, > that is I only want to use PAM for certain applications (mainly Apache > and poppassd for now). After I installed it I made a /etc/pam.d > directory and stored a text file named other inside: > > > cat /etc/pam.d/other > # > # default pam configuration > # > auth required /lib/security/pam_warn.so > auth required /lib/security/pam_deny.so > account required /lib/security/pam_warn.so > account required /lib/security/pam_deny.so > password required /lib/security/pam_warn.so > password required /lib/security/pam_deny.so > session required /lib/security/pam_deny.so > session required /lib/security/pam_warn.so > > I don't have a /etc/pam.conf file as I'm not interested in running ftpd > or login or any other "vital" daemon with PAM so I presume it is safe in > my case > not to have this config file? (feel free to correct me at any stage) > > After that I decided to test PAM with the small programs that come with > the distribution. I found a small application named blank > (Linux-PAM-0.75/examples/blank.c) > and ran it. > > > /install/Linux-PAM-0.75/examples/blank > ==> called pam_start() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > ==> called pam_putenv() > got: `Success' > a test: c=[gamma], j=[mu] > Who are you? root > ==> called pam_authenticate() > got: `Authentication failure' > ./blank: invalid request > ==> called pam_end() > got: `Success' > > As far as I understood from this, PAM started ok, and ended ok but the > authentication failed. This is because of the pam_deny.so modules. If you make a pam.d/blank file and fill it with pam_permit.so entries, you will have more luck with this test application. > After looking at the logs this is the only message I found: > > Apr 22 14:12:55 gumb PAM-warn[2281]: service: blank [on terminal: > <unknown>] > Apr 22 14:12:57 gumb PAM-warn[2281]: user: (uid=0) -> root [remote: > ?nobody@?nowhere] > > After that I decided to try poppassd (from Mr. Pawel Krawczyk, > poppassd-ceti-1.8-1). Based on what I read in the How-To and some > information I > found on the WWW I created a config file for it in /etc/pam.d/passwd > (not poppassd, since I noticed after looking at the source file of > poppassd > that it ran the function pam_start with the parameter passwd). > > > cat /etc/pam.d/passwd > password required /lib/security/pam_unix.so nullok md5 what is the output of the following two commands: ls -l poppassd What about nm popassd | grep pam_ These may indicate whether poppassd is able to read the /etc/shadow file, and if popassd is using any other pam_ calls (things you will need to put in your /etc/pam.d/passwd file). Cheers Andrew
