I know this might not be the right place to talk about PAM on AIX but
since I can't find any better mailing/newsgroup... If you know of a more
appropriate place...
I wrote a PAM module in charge of authenticating users to a specific
authentication server and retrieving a Unix login & pwd from single
sign-on data. Upon a successful authentication, the module retrieves the
Unix login and pwd and uses pam_set_item to set PAM_USER and PAM_AUTHTOK
to the Unix values (always different from what the user provided): any
other PAM module configured with 'use_first_pass' should then use these
to perform any required authentication.
This PAM module works fine on Solaris (except for ftp, because of a
documented restriction in ftpd), HP-UX and Linux.
On AIX 5.3, the connection always fails with the following info in syslog:
auth|security:info syslog: pts/3: failed login attempt for UNKNOWN_USER from ...
I am currently trying this PAM module using telnet and the following entries
in /etc/pam.conf (my PAM module is am_pam.so):
telnet auth required /usr/lib/security/am_pam.so dump debug
telnet auth required /usr/lib/security/pam_aix use_first_pass debug
OTHER auth required /usr/lib/security/pam_prohibit debug
telnet account required /usr/lib/security/am_pam.so no_warn bypass dump
telnet account required /usr/lib/security/pam_aix debug
OTHER account required /usr/lib/security/pam_prohibit debug
telnet password required /usr/lib/security/pam_aix debug
OTHER password required /usr/lib/security/pam_prohibit debug
telnet session required /usr/lib/security/am_pam.so dump debug
telnet session required /usr/lib/security/pam_aix debug
OTHER session required /usr/lib/security/pam_prohibit debug
The following lines are sent to syslog:
:debug PAM: pam_start(telnet aixuser1)
:debug PAM: pam_set_item(1)
:debug PAM: pam_set_item(2)
:debug PAM: pam_set_item(5)
:debug PAM: pam_set_item(3)
:debug PAM: pam_set_item(4)
:debug PAM: pam_set_item(8)
:debug PAM: pam_authenticate()
:debug PAM: load_modules: /usr/lib/security/am_pam.so
:debug PAM: load_function: successful load of pam_sm_authenticate
:debug PAM: load_modules: /usr/lib/security/pam_aix
:debug PAM: load_function: successful load of pam_sm_authenticate
:debug PAM: AM-PAM : authentication OK.
:debug PAM: pam_set_item(2)
:debug PAM: pam_set_item(6)
:debug PAM: pam_set_item(6)
:debug PAM: pam_acct_mgmt()
:debug PAM: load_modules: /usr/lib/security/am_pam.so
:debug PAM: load_function: successful load of pam_sm_acct_mgmt
:debug PAM: load_modules: /usr/lib/security/pam_aix
:debug PAM: load_function: successful load of pam_sm_acct_mgmt
:debug PAM: pam_aix: acct_mgmt(telnet, pchuser1), flags = 0
:debug PAM: pam_setcred()
:debug PAM: load_modules: /usr/lib/security/am_pam.so
:debug PAM: load_function: successful load of pam_sm_setcred
:debug PAM: load_modules: /usr/lib/security/pam_aix
:debug PAM: load_function: successful load of pam_sm_setcred
:debug PAM: pam_open_session()
:debug PAM: load_modules: /usr/lib/security/am_pam.so
:debug PAM: load_function: successful load of pam_sm_open_session
:debug PAM: load_modules: /usr/lib/security/pam_aix
:debug PAM: load_function: successful load of pam_sm_open_session
:debug PAM: pam_end(): status = Success
:info syslog: pts/3: failed login attempt for UNKNOWN_USER from ...
Would someone have some similar PAM module? Can such PAM modules work on
AIX 5.3? Did I miss something in the configuration?
Help!...
Jacques Lebastard
Software Architect
Bull, Architect of an Open World (TM); Evidian S.A.
Rue Jean Jaurès, 78340 Les Clayes sous Bois
jacques.lebastard@xxxxxxxxxxx
Tel (work): +33 1 30 80 77 86
http://www.evidian.com - http://www.bull.com
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
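
One way to read the debug trace in the message above, as an added example that is not part of the original post: the script walks the syslog lines, groups each pam_set_item() call under the PAM phase it occurred in, and records which user name a module reported and where the failure line falls relative to pam_end(). The item-number table assumes AIX 5.3 uses the standard X/Open PAM values, and summarize() is a hypothetical helper name.

```python
import re

# Assumption: standard X/Open PAM item numbers; the post does not list
# the values used by the AIX 5.3 headers.
PAM_ITEMS = {1: "PAM_SERVICE", 2: "PAM_USER", 3: "PAM_TTY", 4: "PAM_RHOST",
             5: "PAM_CONV", 6: "PAM_AUTHTOK", 7: "PAM_OLDAUTHTOK", 8: "PAM_RUSER"}

# Trace lines copied from the post (load_modules/load_function lines omitted).
TRACE = """\
:debug PAM: pam_start(telnet aixuser1)
:debug PAM: pam_set_item(1)
:debug PAM: pam_set_item(2)
:debug PAM: pam_set_item(5)
:debug PAM: pam_set_item(3)
:debug PAM: pam_set_item(4)
:debug PAM: pam_set_item(8)
:debug PAM: pam_authenticate()
:debug PAM: AM-PAM : authentication OK.
:debug PAM: pam_set_item(2)
:debug PAM: pam_set_item(6)
:debug PAM: pam_set_item(6)
:debug PAM: pam_acct_mgmt()
:debug PAM: pam_aix: acct_mgmt(telnet, pchuser1), flags = 0
:debug PAM: pam_setcred()
:debug PAM: pam_open_session()
:debug PAM: pam_end(): status = Success
:info syslog: pts/3: failed login attempt for UNKNOWN_USER from ...
"""

def summarize(trace):
    """Group trace events by PAM phase and track the user name through them."""
    phase = None
    out = {"start_user": None, "items": {}, "seen_by_modules": [],
           "end_status": None, "failure_after_end": None}
    for line in trace.splitlines():
        if m := re.search(r"pam_start\((\S+) (\S+)\)", line):
            phase, out["start_user"] = "pam_start", m.group(2)
        elif m := re.search(r"pam_set_item\((\d+)\)", line):
            name = PAM_ITEMS.get(int(m.group(1)), "item " + m.group(1))
            out["items"].setdefault(phase, []).append(name)
        elif m := re.search(r"pam_end\(\): status = (\w+)", line):
            phase, out["end_status"] = "pam_end", m.group(1)
        elif m := re.search(r"PAM: (pam_\w+)\(\)", line):
            phase = m.group(1)  # entering pam_authenticate(), pam_acct_mgmt(), ...
        elif m := re.search(r"PAM: (\w+): \w+\(\w+, (\w+)\)", line):
            out["seen_by_modules"].append((m.group(1), phase, m.group(2)))
        elif m := re.search(r"failed login attempt for (\S+)", line):
            out["failure_after_end"] = (phase == "pam_end", m.group(1))
    return out
```

On this trace the summary shows pam_start() called with aixuser1, pam_aix reporting pchuser1 during pam_acct_mgmt(), pam_end() returning Success, and the failed-login line logged only after pam_end().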