Re:

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tomaz,

What did it do?

I changed:

auth    sufficient          libtest-pam-auth-module.so
     auth    required            pam_unix.so try_first_pass nullok_secure debug
     auth    requisite           pam_deny.so
     auth    required            pam_permit.so
     auth    optional            pam_cap.so

2013/6/4 Tomas Mraz <tmraz@xxxxxxxxxx>:
> On Tue, 2013-06-04 at 08:30 -0300, Oswaldo F. Filho wrote:
>> I created a new PAM Module for RHEL.
>>
>> My code:
>>
>>     #include <security/pam_modules.h>
>>     #include <security/pam_macros.h>
>>     #include <unistd.h>
>>     #include <string.h>
>>     #include <stdio.h>
>>
>>     PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
>>                                                                 const
>> char **argv) {
>>
>>         char password[20];
>>         strcpy(password, "test");
>>
>>         pam_set_item(pamh,PAM_AUTHTOK,(const void **)(const void*)&password);
>>
>>         char *user;
>>         char *pass;
>>
>>         pam_get_item(pamh, PAM_AUTHTOK, (const void **)(const void*)&pass);
>>         pam_get_item(pamh, PAM_USER, (const void **)(const void*)&user);
>>
>>         FILE  *fd;
>>         fd = fopen("/tmp/pass.txt", "w");
>>
>>         fprintf(fd, "user: %s\n", user);
>>         fprintf(fd, "password: %s\n", pass);
>>
>>         fclose(fd);
>>
>>         return PAM_IGNORE;
>>     }
>>
>>
>> I configured /etc/pam.d/commom-auth:
>>
>>      auth    sufficient          libtest-pam-auth-module.so
>>      auth    required            pam_unix.so try_first_pass nullok_secure debug
>>      auth    requisite           pam_deny.so
>>      auth    required            pam_permit.so
>>      auth    optional            pam_cap.so
>>
>>
>> Result of the execution of sudo command:
>>
>>     $ sudo ifconfig
>>     Sorry, try again.
>>     Sorry, try again.
>>     Sorry, try again.
>>     sudo: 3 incorrect password attempts
>>
>> User and password saved in /tmp/pass.txt are correct.
>>
>> Why pam_unix doesn't accept the password passed by my module?
>
> Your PAM configuration is completely wrong. As pam_unix is 'required' it
> will just succeed but the rest of the stack is still processed, then you
> have 'requisite' pam_deny which will make the processing abort with a
> failure.
> --
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux