Tomaz, What did it do? I changed configuration file and word fine. Old common-auth: auth sufficient libtest-pam-auth-module.so auth required pam_unix.so try_first_pass nullok_secure debug auth requisite pam_deny.so auth required pam_permit.so auth optional pam_cap.so New common-auth: auth sufficient libtest-pam-auth-module.so auth [success=1 default=ignore] pam_unix.so try_first_pass nullok_secure debug auth requisite pam_deny.so auth required pam_permit.so auth optional pam_cap.so I am sorry by sent one wrong e-mail. 2013/6/4 Tomas Mraz <tmraz@xxxxxxxxxx>: > On Tue, 2013-06-04 at 08:30 -0300, Oswaldo F. Filho wrote: >> I created a new PAM Module for RHEL. >> >> My code: >> >> #include <security/pam_modules.h> >> #include <security/pam_macros.h> >> #include <unistd.h> >> #include <string.h> >> #include <stdio.h> >> >> PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, >> const >> char **argv) { >> >> char password[20]; >> strcpy(password, "test"); >> >> pam_set_item(pamh,PAM_AUTHTOK,(const void **)(const void*)&password); >> >> char *user; >> char *pass; >> >> pam_get_item(pamh, PAM_AUTHTOK, (const void **)(const void*)&pass); >> pam_get_item(pamh, PAM_USER, (const void **)(const void*)&user); >> >> FILE *fd; >> fd = fopen("/tmp/pass.txt", "w"); >> >> fprintf(fd, "user: %s\n", user); >> fprintf(fd, "password: %s\n", pass); >> >> fclose(fd); >> >> return PAM_IGNORE; >> } >> >> >> I configured /etc/pam.d/commom-auth: >> >> auth sufficient libtest-pam-auth-module.so >> auth required pam_unix.so try_first_pass nullok_secure debug >> auth requisite pam_deny.so >> auth required pam_permit.so >> auth optional pam_cap.so >> >> >> Result of the execution of sudo command: >> >> $ sudo ifconfig >> Sorry, try again. >> Sorry, try again. >> Sorry, try again. >> sudo: 3 incorrect password attempts >> >> User and password saved in /tmp/pass.txt are correct. >> >> Why pam_unix doesn't accept the password passed by my module? > > Your PAM configuration is completely wrong. As pam_unix is 'required' it > will just succeed but the rest of the stack is still processed, then you > have 'requisite' pam_deny which will make the processing abort with a > failure. > -- > Tomas Mraz > No matter how far down the wrong road you've gone, turn back. > Turkish proverb > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list