Re:

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2013-06-04 at 08:30 -0300, Oswaldo F. Filho wrote: 
> I created a new PAM Module for RHEL.
> 
> My code:
> 
>     #include <security/pam_modules.h>
>     #include <security/pam_macros.h>
>     #include <unistd.h>
>     #include <string.h>
>     #include <stdio.h>
> 
>     PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
>                                                                 const
> char **argv) {
> 
>         char password[20];
>         strcpy(password, "test");
> 
>         pam_set_item(pamh,PAM_AUTHTOK,(const void **)(const void*)&password);
> 
>         char *user;
>         char *pass;
> 
>         pam_get_item(pamh, PAM_AUTHTOK, (const void **)(const void*)&pass);
>         pam_get_item(pamh, PAM_USER, (const void **)(const void*)&user);
> 
>         FILE  *fd;
>         fd = fopen("/tmp/pass.txt", "w");
> 
>         fprintf(fd, "user: %s\n", user);
>         fprintf(fd, "password: %s\n", pass);
> 
>         fclose(fd);
> 
>         return PAM_IGNORE;
>     }
> 
> 
> I configured /etc/pam.d/commom-auth:
> 
>      auth    sufficient          libtest-pam-auth-module.so
>      auth    required            pam_unix.so try_first_pass nullok_secure debug
>      auth    requisite           pam_deny.so
>      auth    required            pam_permit.so
>      auth    optional            pam_cap.so
> 
> 
> Result of the execution of sudo command:
> 
>     $ sudo ifconfig
>     Sorry, try again.
>     Sorry, try again.
>     Sorry, try again.
>     sudo: 3 incorrect password attempts
> 
> User and password saved in /tmp/pass.txt are correct.
> 
> Why pam_unix doesn't accept the password passed by my module?

Your PAM configuration is completely wrong. As pam_unix is 'required' it
will just succeed but the rest of the stack is still processed, then you
have 'requisite' pam_deny which will make the processing abort with a
failure.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list




[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux