We are running pam enabled jabberd I don't have nice patches and I have no time to make them but I can send you the sources if you are intersted. Tomas B. Winkler HUJI CSE On Tue, 11 Dec 2001, James Stevens wrote: > Here's an interesting one... > > I've just been doing some work on adding PAM support into the "jabber" IM > server and ran into an interesting problem. With Jabber, the authentication is > itself done in a plug-in module called "jsm.so", which is loaded bythe main > process, "jabberd". > > This causes a problem with PAM, because many of the PAM modules make calls into > "libpam.so", but *none* of them specifically link it in. Instead they assume > that the main application (in this case "jabberd") has had "libpam" linked into > it and that they will have access to its symbols that way. > > This means that although "jabberd" makes absolutely no PAM calls what so ever, > I have to link "libpam" into it, in order to make it available to the PAM > plug-in modules. > > Without "libpam" linked into "jabberd", "dlopen" in "libpam/pam_handlers.c" > will return NULL and a subsequent call to "dlerror()" will return something > like "pam_unix: pam_get_user: symbol not found". > > > To solve this problem I can simply link "libpam" into "jabberd". However, in > the situation where I had access to the source code for "jsm.so", but didn't > have the source code to "jabberd" this wouldn't be possible. So, I believe that > "libpam" should be linked into every modules that wants to make calls into it. > > > I believe a similar problem would arise with Apache as it also does its > authentication in a plug-in module. > > > > It would have really helped me track this problem if there had been a call to > "dlerror()" if "dlopen()" fails, even ifonly in debug mode. > > > > > > James > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list >
