Results 1 to 1 of 1
Hi,
I have an application that authenticates users, but it only works when run as root, and when it's told to use PAM (doesn't work when it's told to use ...
- 09-26-2007 #1Just Joined!
- Join Date
- Sep 2007
- Posts
- 1
PAM Authentication Issue
Hi,
I have an application that authenticates users, but it only works when run as root, and when it's told to use PAM (doesn't work when it's told to use shadow file).
Users other than root are not able to run the application to authenticate users by either using shadow (kind of understandable as it needs root to see shadow) or PAM. So, a non-root user is unable to run the application to authenticate users.
The application uses the 'login' service.
This is what uname -a looks like:
Linux kamet 2.6.16.21-0.8-xen #1 SMP Mon Jul 3 18:25:39 UTC 2006 i686 i686 i386 GNU/Linux
login file (/etc/pam.d/login) is as follows:
################
#%PAM-1.0
#auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard
################
common-auth (/etc/pam.d/common-auth) is as follows:
################
#
auth required pam_env.so debug
auth required pam_unix2.so debug
################
nsswitch.conf (/etc/nsswitch.conf) is as follows:
################
passwd: files nis
shadow: files nis
group: files
################
PAM debug looks like this for FAILED scenario (xxxx is the name of the tool) when run as non-root and using PAM:
Sep 26 17:37:07 kamet xxxx: pam_unix2(login:auth): pam_sm_authenticate() called
Sep 26 17:37:07 kamet xxxx: pam_unix2(login:auth): username=[patqa2]
Sep 26 17:37:07 kamet xxxx: pam_unix2(login:auth): wrong password, return PAM_AUTH_ERR
########
and PAM debug looks like this for SUCCESS scenario (xxxx is the name of the tool) when run as root and using PAM:
Sep 26 17:42:57 kamet xxxx: pam_unix2(login:auth): pam_sm_authenticate() called
Sep 26 17:42:57 kamet xxxx: pam_unix2(login:auth): username=[patqa2]
Sep 26 17:42:58 kamet xxxx: pam_unix2(login:auth): pam_sm_authenticate: PAM_SUCCESS
Sep 26 17:42:58 kamet xxxx: pam_unix2(login:account): pam_sm_acct_mgmt() called
Sep 26 17:42:58 kamet xxxx: pam_unix2(login:account): username=[patqa2]
Sep 26 17:42:58 kamet xxxx: pam_unix2(login:account): expire() returned with 0
######
Quite obviously, the password is perfectly correct, and /etc/shadow has it as follows (patqa2 being the user name):
patqa2:$2a$10$AmVIpmoeKbGjeRUpMNxk2OVJWSnJRezLv3rH 3o7oVFPeVHRCEr1hq:13782:0:99999:7:::
########
THE BIG QUESTION:
What's going on?
Any help would be greatly appreciated as I'm not really sure what's going on with this!
The tool (xxxx) is owned by the user patqa2 and not root.
Thanks much in advance.
Regards,
SeshLast edited by Sesh; 09-26-2007 at 11:07 PM. Reason: Changed YYYYY to patqa2
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts