On Tue, 2013-06-04 at 08:30 -0300, Oswaldo F. Filho wrote: > I created a new PAM Module for RHEL. > > My code: > > #include <security/pam_modules.h> > #include <security/pam_macros.h> > #include <unistd.h> > #include <string.h> > #include <stdio.h> > > PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, > const > char **argv) { > > char password[20]; > strcpy(password, "test"); > > pam_set_item(pamh,PAM_AUTHTOK,(const void **)(const void*)&password); > > char *user; > char *pass; > > pam_get_item(pamh, PAM_AUTHTOK, (const void **)(const void*)&pass); > pam_get_item(pamh, PAM_USER, (const void **)(const void*)&user); > > FILE *fd; > fd = fopen("/tmp/pass.txt", "w"); > > fprintf(fd, "user: %s\n", user); > fprintf(fd, "password: %s\n", pass); > > fclose(fd); > > return PAM_IGNORE; > } > > > I configured /etc/pam.d/commom-auth: > > auth sufficient libtest-pam-auth-module.so > auth required pam_unix.so try_first_pass nullok_secure debug > auth requisite pam_deny.so > auth required pam_permit.so > auth optional pam_cap.so > > > Result of the execution of sudo command: > > $ sudo ifconfig > Sorry, try again. > Sorry, try again. > Sorry, try again. > sudo: 3 incorrect password attempts > > User and password saved in /tmp/pass.txt are correct. > > Why pam_unix doesn't accept the password passed by my module? Your PAM configuration is completely wrong. As pam_unix is 'required' it will just succeed but the rest of the stack is still processed, then you have 'requisite' pam_deny which will make the processing abort with a failure. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list